I’m not sure how routine checking of logs would work, logistically. Yes, nurses, doctors, clerks, billers, etc should only be checking the medical records for patients they need to in order to perform their duties. However, the mere fact that someone accessed a record isn’t enough to tell you much.
I’m the manager for a largish medical practice. We have over 10000 patients in our record system, some of them locally high-profile. If Medical Assistant A looked at records for Patient B, there are any number of legitimate reasons for doing that. Maybe the patient needed a referral and that’s the MA who took the call. Checking the logs isn’t going to help me much to see who might be inappropriately accessing records.
But if Patient B was the subject of a news story and medical information found its way into that news story, I would have a log of everyone who accessed those records. In my clinic, it would probably be almost everyone. But I could probably pinpoint who looked at what around the time the story came out. In a hospital with a few hundred employees, it would be much easier to narrow down who should not have access. That nurse in the neonatal unit had no business looking.
But you are only going to know to look when there’s a problem. Otherwise, how do you know who has a legitimate need to look and who doesn’t? And for every patient who walks in the door? Practically impossible. That’s thousands of access log records every day.
Sent from my iPhone using Tapatalk
