Maintaining the privacy and security of our patients’ and Health Plan members’ medical information is a key component of providing high quality care. Patients, Health Plan members, and their families must be able to trust that no one at Texas Children’s inappropriately accesses, discloses, or uses their protected health information (PHI). Having our patients’ and Health Plan members’ trust is an essential element of the care we provide and the relationship we develop with families.
As a Texas Children’s workforce member, you should only access medical records when it is part of your official, assigned work duties. Every “click” within our patient care systems is recorded. The Compliance and Privacy Office uses data analysis software to detect potential inappropriate access. When a workforce member appears to be “snooping,” the Compliance & Privacy Office coordinates with leadership and Human Resources to investigate and determine appropriate disciplinary action, up to and including termination. Three workforce members have been terminated this year for privacy violations.
Earlier this year, a child treated at Texas Children’s Hospital was the subject of multiple news stories. The Compliance and Privacy Office applied Epic’s Break-the-Glass tool to the patient’s record to deter inappropriate access. Despite these measures, two workforce members (who worked in areas in which the patient had no activity) “broke the glass” and accessed the patient’s record. Additionally, thirty-six workforce members searched the patient’s name in Epic but did not proceed past the Break-the Glass prompt into the medical record. This “snooping” was inappropriate and in violation of law and our policies. The two workforce members who accessed the patient’s record received disciplinary action, and the thirty-six individuals who searched the patient’s name received a warning from the Compliance and Privacy Office.
Your responsibility as a Texas Children’s workforce member is to:
- Only access PHI when it is part of your assigned work responsibilities.
- Do not access the records of your friends, family members, children, or yourself.
- Do not access records out of curiosity.
- Do not disclose PHI to unauthorized persons.
- Do not share PHI on social media sites (Facebook, Instagram, Twitter, etc.).
Key Takeaway! Do not access any medical record unless it is necessary to do your job. Inappropriately accessing, using or disclosing PHI is a violation of federal and state law and Texas Children’s policy, and may result in disciplinary action, up to and including termination.
Questions? Contact the Compliance and Privacy Office by calling 832-824-2085 or emailing compliance@texaschildrens.org.