Electronic Health Record Forensics Expert Witness:
Nosy Healthcare Employees Snoop Electronic Medical Records!


By Scott Greene

Electronic Medical Records (EMR) and Electronic Health Records (EHR) are great tools that allow for data exchange between providers and faster access to a person’s medical history. Along with this ease of access comes the potential for abuse.


Healthcare workers use these systems to manage patient information, but access to a patient’s records should be limited to only those with responsibility for a patient's care.

Unauthorized access to a person’s electronic medical records has become easier, and abuse is estimated to be high. The beauty of EMR and EHR systems is that audit trails are built in, so detecting unauthorized access is relatively trivial: organizations just need to compare the list of caregivers who SHOULD have access with the list of those who have actually accessed a person’s electronic medical record. And, in the age of digital medical records, these unauthorized views are far too common.

EXAMPLE EMR DATA BREACHES:

Kanye West and Kim Kardashian had their baby at the Cedars-Sinai Hospital in Los Angeles, CA, on June 24, 2013. Between June 18 and June 24, 2013, Kim Kardashian’s medical records were inappropriately accessed. The hospital fired 5 individuals who accessed Kim’s medical records outside of their scope of employment. In addition to the 5 fired for accessing Kardashian’s records, a sixth person was fired for accessing the records of 14 patients in that same time period.

In October of 2013, the Allina Health System in Minnesota notified approximately 3,800 patients that one of its medical assistants had improperly accessed their Protected Health Information (PHI) over approximately three years, between February 2010 and September 2013. The record system, which covers all of the Allina Health System, allowed the employee to access not only records at the clinic where they were employed, but also records from other locations within the organization. The employee in this case accessed patients’ names, dates of birth, clinical health data, health insurance coverage information and partial Social Security numbers.

"We deeply regret that this occurred and want you to know we are committed to protecting the privacy of our patients’ personal information," the Allina website said. "To help prevent similar incidents from happening in the future, we are evaluating our policies related to protecting patient information, examining our computer security programs and continuing to educate employees on their obligation to maintain the privacy of patient information."

FEDERAL EMR MANDATES:

The Health Insurance Portability and Accountability Act (HIPAA) prohibits doctors, their staff and medical professionals from disclosing patient information without the patient’s permission. Violating HIPAA is a serious offense which can result in fines and criminal charges.

The Office of the National Coordinator's (ONC) Health Information Technology Certification (HITC) programs mandate that EHR technology meet minimum audit log requirements. All changes and actions to the patient record must be captured, along with the date and time of the action, the user identification and the ID of the patient record being accessed.

In addition to the ONC requirements, the HIPAA Security Rule and the Health Information Technology for Economic and Clinical Health (HITECH) Act have specific requirements pertaining to audit logs and patient privacy.
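The comparison described earlier (who SHOULD have access versus who actually accessed a record), run over the audit fields listed above, as an added example that is not from the original article or from any EHR product. The CSV layouts, user IDs, patient IDs and dates are constructed for illustration, and the example goes one step beyond the text by treating care-team membership as time-bounded.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed audit-log extract: date/time, user ID, patient record ID, action.
AUDIT_LOG = """timestamp,user_id,patient_id,action
2024-03-01T09:12:00,rn_alvarez,P1001,VIEW
2024-03-02T08:05:00,dr_chen,P1001,MODIFY
2024-03-02T14:30:00,ma_brooks,P1001,VIEW
2024-03-04T22:41:00,ma_brooks,P2002,VIEW
2024-03-05T10:00:00,rn_alvarez,P1001,VIEW
2024-03-06T11:15:00,dr_chen,P2002,VIEW
"""
# Constructed care-team roster: who SHOULD have access, and during which period.
CARE_TEAM = """patient_id,user_id,start,end
P1001,rn_alvarez,2024-03-01T00:00:00,2024-03-03T23:59:59
P1001,dr_chen,2024-03-01T00:00:00,2024-03-10T23:59:59
P2002,dr_chen,2024-03-04T00:00:00,2024-03-08T23:59:59
"""

def load_assignments(text):
    """Map (patient_id, user_id) to a list of (start, end) assignment windows."""
    windows = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        span = (datetime.fromisoformat(row["start"]), datetime.fromisoformat(row["end"]))
        windows[(row["patient_id"], row["user_id"])].append(span)
    return windows

def find_unauthorized(audit_text, windows):
    """Return audit rows whose user had no care assignment covering the access time."""
    flagged = []
    for row in csv.DictReader(io.StringIO(audit_text)):
        when = datetime.fromisoformat(row["timestamp"])
        spans = windows.get((row["patient_id"], row["user_id"]), [])
        if not any(start <= when <= end for start, end in spans):
            flagged.append(row)
    return flagged

def patients_per_user(flagged):
    """Group flagged accesses by user; many distinct patients suggests browsing."""
    seen = defaultdict(set)
    for row in flagged:
        seen[row["user_id"]].add(row["patient_id"])
    return {user: sorted(patients) for user, patients in seen.items()}

if __name__ == "__main__":
    hits = find_unauthorized(AUDIT_LOG, load_assignments(CARE_TEAM))
    print(patients_per_user(hits))
```

A flagged row is a lead for a privacy officer to review, since covering-shift or emergency access may be legitimate but missing from the roster.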



Evidence Solutions, Inc.

Complex Electronic Evidence in PLAIN English.

Call us today with your Electronic Medical Record / Electronic Health Record Evidence Questions: 866-795-7166
