UConn Health prohibits workforce members from accessing protected health information (PHI) using job-issued credentials without a work-related reason. This includes looking up demographic information in the electronic health record (EHR) without a work-related reason.
Examples of impermissible access:
- Looking up a coworker’s information out of curiosity
- Searching for a patient’s birthday to send a card
- Accessing your own record using work credentials
Even if someone gives you permission, you may not access their record unless it’s part of your job duties.
How Patients Should Access Their Records
Patients, including employees, should use:
- MyChart for secure online access, or,
- Submit a Patient Request to Access Medical Records through the Office of Health Information Management (HIM)
HIM can also grant proxy access when appropriate.
Consequences of Violations
Improper access to PHI—whether electronic or paper—violates:
- HIPAA Privacy Rules
- UConn Health policies
Violations may lead to disciplinary action under
- University By-Laws,
- Employee conduct rules,
- Union agreements, or
- The Student Code
For more information, contact: Office of Healthcare Compliance & Privacy at x6060