UCSF Privacy Office Launces Enhanced Electronic Health Record Monitoring Program

Dawn Jackson-Freyman's picture

With an eye towards patient privacy and confidentiality, the UCSF Privacy Office recently launched an enhanced Electronic Health Record (EHR) monitoring program, using Iatric Systems’ Security Audit Monitoring software. Monitoring ePHI applications for inappropriate access is a standard business practice across our enterprise.

Launched in May 2015, the enhanced program will utilize APeX access audit logs, user information, and advanced data analytics tools to track and identify potential inappropriate access to UCSF patients’ electronic medical records. Access to patient records will be evaluated for appropriateness, in accordance with existing UCSF policies and procedures, as well as federal and state laws and regulations. In the event that inappropriate access, use, or disclosure of confidential information is confirmed, the Privacy Office will work with all necessary parties to ensure that quick action is taken in accordance with UCSF Policy 200-32, Workforce Sanctions for Patient Privacy Violations, as well as other applicable University policies and collective bargaining agreements, as needed.

Per UCSF policy, unauthorized access, use, disclosure, or viewing of confidential information in violation of state and/or federal laws is strictly prohibited and may result in disciplinary and corrective actions up to and including termination, suspension of privileges, and loss of medical or professional licensure. Some violations may also expose involved workforce members to personal liability (e.g., fines, civil damages) and/or criminal sanctions depending on the circumstances of the violation.

For more information about this program, please contact the Privacy Office at (415) 353-2750 or [email protected].