Privacy and security audits of electronic health information editor's note: This update supplants the march 2011 practice brief 'security audits of electronic health information (updated)'

摘要

IN A PERFECT world, access controls alone would ensure the privacy and security of electronic protected health information (ePHI). However, the complexities of today's healthcare environment make it extremely challenging to limit access to the minimum information necessary that members of the workforce require in order to perform their jobs. Jn smaller organizations and community-based hospitals, employees may perform multiple functions, each of which requires different levels of access. Without having access to specific portions of every patient's health record, employees' effectiveness could be significantly inhibited, and patient care and safety could be compromised. Organizations must develop security audits and related policies and procedures to hold members of the workforce accountable for their actions when accessing ePHI through the electronic health record (EHR).