‘Smart’ EHR software, designed for security, privacy, and compliance with the law and ethics, would allow only those who have your informed consent to access your records. Staff and employees who carry out the orders of your attending physician could access your records under the informed consent you give your physician, by electronically affirming that they are part of your treatment team. Instead of primitive, legacy EHR systems that allow 10,000 hospital staffers or employees access to your records, in a ‘smart’ EHR system only the 100 or so directly involved in your treatment could get into your PHI, preventing 9,900 snoopers’ eyes from seeing anything.
It is not just celebs who need strong security and privacy for PHI. What about women whose abusers work for hospitals? What about all the minor local celebs? Do you want your nosy neighbor who is a clerk to be able to read your records?
Stepping up detection of employee snooping via retroactive audits is EXTREMELY expensive (major hospitals have to have large technical staffs to be able to audit millions of accesses, looking for those that should not have occurred). ‘Smart’ consent technologies exist. Retroactive audits for improper access are like looking for needles in a haystack UNLESS you are Nadya Suleman or some other celebrity whose EHR is being actively watched. Why not keep the horses from getting out of the barn in the first place?
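The consent model described in the first paragraph, sketched as an added example (not code from any EHR product): access is denied by default, staff access derives from the consent given to the attending physician, and it ends when that consent is revoked. The `ConsentGate` class and all identifiers are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ConsentGate:
    """Deny-by-default record access driven by patient consent (illustrative model)."""
    consents: dict = field(default_factory=dict)      # patient -> physicians with consent
    affirmations: dict = field(default_factory=dict)  # (patient, staff) -> physician
    log: list = field(default_factory=list)           # (user, patient, decision)

    def grant_consent(self, patient, physician):
        self.consents.setdefault(patient, set()).add(physician)

    def revoke_consent(self, patient, physician):
        self.consents.get(patient, set()).discard(physician)

    def affirm_team_member(self, patient, staff, physician):
        """Staff affirm they carry out this physician's orders for this patient."""
        if physician not in self.consents.get(patient, set()):
            self.log.append((staff, patient, "AFFIRM_REJECTED"))
            return False
        self.affirmations[(patient, staff)] = physician
        self.log.append((staff, patient, "AFFIRMED"))  # attributable to the staff member
        return True

    def can_access(self, patient, user):
        """Allow only the consented physician or staff affirmed under that consent."""
        consented = self.consents.get(patient, set())
        via = self.affirmations.get((patient, user))  # None if never affirmed
        allowed = user in consented or via in consented
        self.log.append((user, patient, "ALLOW" if allowed else "DENY"))
        return allowed

def demo():
    # Constructed identifiers, not real people or systems.
    gate = ConsentGate()
    gate.grant_consent("patient-1", "dr-lee")
    gate.affirm_team_member("patient-1", "nurse-kim", "dr-lee")
    results = {
        "physician": gate.can_access("patient-1", "dr-lee"),
        "team_nurse": gate.can_access("patient-1", "nurse-kim"),
        "unrelated_clerk": gate.can_access("patient-1", "clerk-ray"),
        "affirm_without_consent": gate.affirm_team_member("patient-1", "clerk-ray", "dr-other"),
    }
    gate.revoke_consent("patient-1", "dr-lee")
    results["nurse_after_revocation"] = gate.can_access("patient-1", "nurse-kim")
    results["refused"] = [e for e in gate.log if e[2] in ("DENY", "AFFIRM_REJECTED")]
    return results

if __name__ == "__main__":
    print(demo())
```

The refused entries are the short list a reviewer would look at, rather than every access in the system.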
Refer to COMPUTERWORLD story: “Kaiser fires 15 workers for snooping in octuplet mom’s medical records”.