Intentional unauthorized patient chart access.

The Michigan Medicine Discipline for Violations of Privacy or Security of Protected Health Information (PHI) or Other Sensitive Information for All Michigan Medicine Workforce Policy, 01-04-390, applies to you!

With that in mind, we want to remind you that peeping into your colleagues' PHI (including searching for their names when they are not your patient) falls under this policy! You are constantly being monitored and your access audited. If you think otherwise, you would be wrong, and you could face discipline up to and including termination. See the Headlines Article from June 20, 2023.

When you are in a common area, such as a team room or on a unit, remember to log off your workstation. Protect yourself from another user searching for patient records that you are not authorized to view. Please see below for the current memorandum of understanding regarding discipline for HIPAA violations.


Potential for Criminal Penalties

An individual workforce member who knowingly obtains or discloses individually identifiable health information in violation of the HIPAA Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and up to $250,000 and up to ten years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain, or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Privacy Rule.