Aug 2, 2017
A resident clinical supervisor instructed a group of students to enter the electronic medical record of a patient whose care they were not involved in. This was done so that another student's chart note could be used as a model for incorrect charting. The person who filed the HIPAA complaint did not know the patient's name.

Is this a reportable HIPAA breach? Is this behavior typical of clinical education? Is this a FERPA violation against the student whose work was publicly criticized?


Senior Member
15+ Year Member
Feb 13, 2004
Visit site
Attending Physician
it doesn't seem like a breach of either. the records were accessed under supervision as part of the students' education. a patient note does not constitute a school's educational record. instruction through review of patient charts is typical of clinical education.


SDN Bronze Donor
Bronze Donor
2+ Year Member
Aug 10, 2017
Medical Student (Accepted)
I’m not a medical student yet, but I work for a large EHR company so we deal with HIPAA on a regular basis. There are three reasons why health records can be accessed that are acceptable:
  • Treatment
  • Payment
  • Healthcare operations
Your example would most likely fall under the third

Health care operations are any of the following activities: (a) quality assessment and improvement activities, including case management and care coordination; (b) competency assurance activities, including provider or health plan performance evaluation, credentialing, and accreditation; (c) conducting or arranging for medical reviews, audits, or legal services, including fraud and abuse detection and compliance programs; (d) specified insurance functions, such as underwriting, risk rating, and reinsuring risk; (e) business planning, development, management, and administration; and (f) business management and general administrative activities of the entity, including but not limited to: de-identifying protected health information, creating a limited data set, and certain fundraising for the benefit of the covered entity.
About the Ads