On Sept. 1, 2017, Beaumont took another step toward putting into action our patient and family-centered care core concept of information sharing. Beaumont’s new policy, Compliance with Federal and State Privacy Laws and Regulations, includes some changes to our past practices as well as provides some clarifications.

Sharing medical information
Beaumont team members may share protected health information with a patient’s family members, relatives, friends or other persons identified by the patient as involved in the patient’s care. Use consolation rooms or other private areas when speaking with the family member.

• The patient’s nurse, physician or other health care provider should ask the patient who is involved in their care. If he/she has visitors in their room, tell the patient that you are there to review their care and ask the patient if it is acceptable for you to discuss this information in front of the family. Allow the patient time to ask his/her family to leave.
• For unconscious or incapacitated patients, the physician, nurse or other health care provider may share relevant information with family, friends or others involved in the patient’s care, or payment for care, if the health care provider determines, based on professional judgment, that doing so is in the best interest of the patient.
• In most cases, a person driving the patient home from the hospital can receive information about the patient’s medical condition. However, this is not the case every time. Ask the patient what information they want shared with their driver.

Patient access to medical records
Our policy outlines when we can deny access to the medical record, but for the most part, patients have the right to review their medical record or receive a copy. Patients can request to review their medical records while they are in the hospital, request a copy to be mailed to their home or other address or to allow someone else to receive a copy of their record. We cannot deny this request because the patient has not come into our office or because the patient has an outstanding medical bill.  

Medical record formats
Patients have the right to receive a copy of their medical records in the format they requested, if we can readily produce the request. For example, if a patient would like his/her medical record in a PDF electronic file, and we can create the PDF using software or by scanning the record, we are required to provide the patient with the medical record in a PDF format. However, we do not have to buy new software to accommodate the request. We do not have to use a patient’s personal flash drive because of the risk that the patient’s flash drive could have a computer virus. Patients can request to receive a copy of their medical records via email. We must warn the patient of the risk. Our new authorization has language that warns the patient of the risk of receiving health information via email.

What is new?
You may now use your work user ID/password and current access in Epic/oneChart or access in other Beaumont Health electronic medical records, to view your own medical records. You do not need an authorization on file to do so.

You may now use your work user ID/password and current access in oneChart, or access in other Beaumont Health electronic medical records, to view medical records of your family or friends, provided that the they have signed a “Friends and Family Access to Electronic Medical Records Authorization” and this form has been submitted to familyfriendauth@beaumont.org.

As a reminder, when reviewing medical records, if an amendment is needed, the patient or patient’s legal representative must contact Health Information Managers/Medical Records to make the correction – do not attempt to alter or change medical records on your own.

Protecting our patients’ health information at Beaumont
Our compliance and corporate privacy team now uses a machine learning software tool, Protenus, to detect inappropriate access in electronic medical records.

Protenus utilizes patterns of acceptable access to flag possible inappropriate access in medical records. While we have always audited what our employees and other workforce review, this new software will streamline our processes and quickly identify “snooping” or other inappropriate incidents.

Flagged accesses will be reviewed to determine if the user looked at the medical record as allowed by our policy. Like many other health care systems, Beaumont has a zero-tolerance policy for “snooping” in patient protected health information. Be sure you have a clinical or business need when you access PHI. 

For more information about our policy or other privacy related questions:

• Visit our department intranet page for a link to the Family and Friends Authorization and Frequently Asked Questions.
• Call us at 248-987-1705.
• Attend a webinar. For dates, times and registration information, email PrivacyOffice@beaumont.org.