Protecting patient privacy is a priority for all of us at Penn Medicine Princeton Health, as we demonstrate daily our commitment to providing the highest quality care and the best patient experience that we can.
Failure to properly safeguard protected health information (PHI) is a violation of the Health Insurance Portability and Accountability Act (HIPAA). Under Penn Medicine policy, one may access a patient’s PHI only when it is necessary to fulfill job duties.
Penn Medicine proactively monitors the accessing of PHI on our electronic medical record (PennChart). Snooping is a violation and can result in disciplinary action or even termination.
If your job requires you to access patient records, here are five key guidelines:
- Never snoop. Just because you can see patient information does not mean you should. Access a patient’s PHI only when it’s necessary to do your job.
- Good intentions are no excuse. Trying to help friends or family members, for example, does not authorize you to access anyone’s PHI.
- Non-clinical data is still PHI. Even basic information – such as date of birth, phone number, home address, or an email address – is private.
- Don’t share your username or password. You are responsible for any accessing of PHI that occurs under your credentials.
- When you need to know, you need to know. If you come upon a “break the glass” prompt for a patient record that you need for your job, go ahead and break the glass. Contact the Help Desk if you are interested in “break the glass” protection for your own medical record.
Geri Karpiscak, MSN, RN, Director of Patient Relations and Customer Service, is the entity privacy officer at Penn Medicine Princeton Health. You may report suspected privacy violations to her at 609-853-7157.
You may also contact the Penn Medicine Privacy Office – privacy@uphs.upenn.edu. If you wish to remain anonymous, please call the 215-PCOMPLY hotline (215-726-6759) or file a complaint online at www.upenn.edu/215pcomply.