MUSCMedical LinksCharleston LinksArchivesMedical EducatorSpeakers BureauSeminars and EventsResearch StudiesResearch GrantsCatalyst PDF FileCommunity HappeningsCampus News

Return to Main Menu

Reminder: HIPAA Privacy Rules, regulations

by Mike Wheeler
University Privacy Officer
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule was implemented in April of this year. 

This Privacy Rule provides a federal law to protect privacy and confidentiality by preventing a release of an individual’s private health information. An overview of the few problem areas identified will help prevent future occurrences of these same problems. 

  • Sharing computer access passwords. Each person obtaining a password to gain access to one of our computerized patient record systems (for example, Oacis) must sign a security agreement. By signing this security agreement, you agree not to share your password with anyone. Also, you must remember to log out of these computerized record systems before you leave your computer terminal unattended.
  • Accessing fellow employee’s medical records. A medical record can only be accessed for treatment, payment, or health care purposes.  Accessing a medical record for the reason that you are concerned about the health status of your fellow employees is not an acceptable excuse. 
  • Accessing medical records and databases to determine if a patient population exists to conduct a research study. Accessing medical records and/or databases for a review to determine an adequate patient population is considered a review “Preparatory to Research” and must be approved by the Privacy Board.  Forms for Privacy Board approval can be found at http://research.musc.edu/hipaa/home.htm.
  • Randomly accessing medical records to recruit subjects for research studies (protocols). Only Institutional Review Board (IRB) approved methods will be used to recruit subjects for research studies. All recruitment methods must be reported and approved by the IRB prior to use. Randomly accessing medical records is not an approved recruitment method. 
  • Discussing medical conditions in areas accessible to other patients. We discourage discussing health information in waiting rooms or clinical areas with other patients present. However, at times these discussions must take place. When discussing health information in a waiting room or areas where other patients are able to hear your conversation, speak softly. 
  • Leaving medical records unattended. A medical record was found unattended in a hallway. If you remove a medical record from a storage area, you are responsible for the security of the record. 
In addition to identifying the above problem areas, we also identified a couple of unfounded, incorrect myths. For example: 
1) Not true that a physician can only write a prescription in the exam room.  For example, a physician may write a prescription at a nurse’s station. 

2) Not true that MUSC cannot determine if you accessed another employee’s medical record. Our computerized patient record systems (for example, Oacis) have built- in audit functions. We have the capability to determine which medical records you accessed and even what areas (lab or pathology reports, discharge summaries, etc.) you accessed. If you accidentally access the medical record of any fellow employee, please notify your supervisor immediately.
 
 

Catalyst Online is published weekly, updated as needed and improved from time to time by the MUSC Office of Public Relations for the faculty, employees and students of the Medical University of South Carolina. Catalyst Online editor, Kim Draughn, can be reached at 792-4107 or by email, catalyst@musc.edu. Editorial copy can be submitted to Catalyst Online and to The Catalyst in print by fax, 792-6723, or by email to petersnd@musc.edu or catalyst@musc.edu. To place an ad in The Catalyst hardcopy, call Community Press at 849-1778.