Awareness : Newsletter Articles

Viewing Medical Records of Family Members and Friends

System access is a privilege. As a University employee, you receive a Confidentiality and Acceptable Use Agreement and a HIPAA and Computer Usage Form. By electronically signing this document in Workday, you acknowledge that the use of the system is exclusively for the performance of your job. Accessing the accounts of friends, relatives, coworkers or other individuals is strictly prohibited unless you are specifically required to do so as part of your work-related responsibilities.

UM is committed to protecting the privacy of every patient’s medical record. Any access to patient information should be for legitimate clinical, business, research or educational need related to the normal job functions of an employee.      Remember, access to computer systems, including the EHR system, is provided by the University to its employees in order to do their job.  Please refer to the UM HIPAA Policy HSA 4.1 and UM IT Policy A045.

Employees who are patients must go through the same process as our patients and patient representatives. If you need to schedule an appointment, please contact the appropriate area to do so. If you need to review your bills, you will need to contact the Patient Financial Services Office or contact the department where you were seen. If you would like to view your records online, you can do so by accessing it through the MYUHealthChart patient portal.

Examples of Inappropriate Access for Personal Use:

  • You are NOT permitted to access your own healthcare information (it is only appropriate to do so through the patient portal) unless you have a specific, job-related need.
  • You are NOT permitted to access the healthcare information of a coworker unless you have a specific, job-related need.
  • You are NOT permitted to access the healthcare information of your relatives (spouse, children, parents, etc.) unless you have a specific, job-related need.
  • You are NOT permitted to access the healthcare information of celebrities or any other individual unless you have a specific, job-related need.

Tips:

  • Do not mistake the EHR for a telephone or birthday directory.
  • NEVER share your passwords or allow someone to use your access.
  • If you access a record or screen by mistake, exit out immediately, and continue with your work.
  • Lock your desktop when leaving your workstation.

We appreciate all that you do for UHealth to protect and respect patient privacy. If you have any questions, please   contact the Office of HIPAA Privacy & Security.