Ask the Expert

Who has rights to patient information under HIPAA?

I work as the Nursing Quality Improvement Coordinator for a hospital. Our HIPAA coordinator has told me that I have no right to access patient files. As the Nursing QI, I do investigate incident reports, and of course we collect data for compliance with CMS control monitoring. Do I have the right to patient information as a QI person?

    Requires Free Membership to View

There is no simple answer to that question. HIPAA is pretty nebulous about who should access specific types of data, so that really puts the decision in the hands of whichever auditor shows up to evaluate the controls and processes that protect patient data.

This question is essentially about right and wrong. Unless there is a clear need for a QI to access patient information, then he or she shouldn't. Period. If the QI is conducting an investigation, driven by either an incident or as part of a process improvement initiative, then it might be acceptable. However, the patient should be notified ahead of time, and give his or her permission to proceed.

Yes, that's a hassle. And yes, it's possible to structure the HIPAA notification to allow access to the patient's data under certain circumstances. But that doesn't make it ethically right. The question is: What's best for the patient? Would he or she want a QI rummaging through his or her data? Probably not.

More information:

This was first published in July 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: