You may recall from earlier communications that Penn Medicine has launched a new software-enabled program to proactively monitor clinical systems to help detect inappropriate access to patient medical records. The program was initiated in September to implement HIPAA requirements and to help maintain the confidentiality of information that our patients expect and deserve. In the first run of the program, numerous events of possible inappropriate access were identified. These events were investigated by Entity Privacy Officers and have resulted in several disciplinary actions.
The Penn Medicine Privacy and Security offices continue to regularly monitor for possible inappropriate access.
Always remember that access to clinical information must be for the purpose of conducting official (i.e., job-related) duties. A well-intentioned review of a friend or family member's record in Penn Medicine clinical systems is not permitted if it is not part of your job function. Nor is it permissible to review a medical record with the patient's consent if you are not involved in the patient's care or otherwise authorized by Penn Medicine to access the information. Patients who wish to access their record should be directed to myPennMedicine or contact the Health Information Management Department or their physician's office. And of course, Penn Medicine employees may not access a patient chart out of curiosity – whether it be about a celebrity, co-worker, friend or anyone else.