Another reason to continue the uncomfortable work of performing audits against ePHI viewing, modification and destruction, in support of §164.312(b), Audits and §164.312(c)(2), was reported today by Asante Health System in Oregon. Asante discovered that a non-employee doctor with credentials to their electronic health record (EHR) system had been looking at patient data without clinical need for almost nine years.
This unauthorized disclosure pattern reportedly affected 8,834 patients and we're amazed that the audit logs were retained for such a long period. The bright spot in this otherwise dull behavior story is that Asante doesn't believe the disclosures were made as part of any criminal activity (e.g. selling the information ,etc.). Click the graphic below if you want to read the Asante press release.
When was the last time you performed an audit against a physician's EHR activity?
Stay (HIPAA) safe,