This question is essentially about right and wrong. Unless there is a clear need for a QI to access patient information,...
then he or she shouldn't. Period. If the QI is conducting an investigation, driven by either an incident or as part of a process improvement initiative, then it might be acceptable. However, the patient should be notified ahead of time, and give his or her permission to proceed.
Yes, that's a hassle. And yes, it's possible to structure the HIPAA notification to allow access to the patient's data under certain circumstances. But that doesn't make it ethically right. The question is: What's best for the patient? Would he or she want a QI rummaging through his or her data? Probably not.
Dig Deeper on HIPAA
Related Q&A from Mike Rothman
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ... Continue Reading
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ... Continue Reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.