UConn Health prohibits Workforce Members from accessing protected health information (PHI) using job-issued credentials without a work-related reason; this includes searching for demographic information in an electronic health record (EHR) without a work-related reason. Although patient lookup fields do not necessarily open a patient chart, access to any PHI, including demographics, in the EHR falls under the HIPAA Privacy Rule and related UConn Health policies. This means that looking up demographic information to send a birthday or sympathy card, for example, is not permissible. Access to PHI in any form (electronic, hard copy, etc.) requires a work-related reason and must meet the requirements of minimum necessary, as applicable. This includes access to coworkers’, family, household members’, and your own health records, even if someone asks that you do so or gives you permission.
UConn Health expects that all patients, employed or not, access their records via MyChart or by completing a Patient Request to Access Medical Records form through the Office of Health Information Management (HIM). If properly authorized, HIM releases PHI in a variety of forms, including granting of proxy access through MyChart to review certain health record information, if appropriate.
Violations of UConn Health policy and/or HIPAA Privacy requirements, including impermissible access to demographic information, may result in a recommendation of disciplinary measures in accordance with University By-Laws, General Rules of Conduct for All University Employees, applicable collective bargaining agreements, the University of Connecticut Student Code, and/or other applicable policies.
For more information, contact: OHCP at x6060 or ohcp@uchc.edu