Patient records are an important part of patient care.
It’s where you’ll find the patient’s history, current medication list, diagnosis, and more.
Having access to patient records comes with responsibility.
We’re here to answer whether or not nurses can access anyone’s records- even if they aren’t your current patient.
Can nurses access anyone’s records? Generally, yes, nurses that work within a healthcare system may be able to access any patient’s records. However, there are HIPPA laws and guidelines that must be followed that put restrictions on the type of patient records they can access and which patient records they can access.
These laws usually restrict nurses to only accessing the medical records for the patients they are currently treating. This means they won’t be able to access records of patients they aren’t treating.
For instance, they wouldn’t be able to access the records of a friend who may be a patient elsewhere in the healthcare system.
*Disclosure: This article on can a nurse access any patient’s electronic medical record (EMR) may contain affiliate links. If you click and make a purchase, I may receive a commission. For more info, please see my disclaimer.
Can Nurses Access Anyone’s records?
Along with access to patient records come great responsibility.
Information contained within a patient’s record is confidential and should only be shared with providers that are directly working with the patient and their family members who have been granted access by the patient.
In addition to HIPPA laws and guidelines, there are certain ethical guidelines that nurses should follow.
If these laws and guidelines aren’t followed, a nurse could be held in violation of them and face serious consequences, including (source):
- Termination of their employment
- Suspension of their license
What is the Health Insurance Portability and Accountability Act (HIPAA)?
Put in place by the Clinton Administration in 1996, the Health Insurance Portability and Accountability Act (HIPAA) has five titles that address four key points for Americans (source):
- The ability to transfer and continue health insurance coverage after changing or losing your job.
- Limiting the amount of healthcare fraud occurring across the nation.
- Putting into place universal standards that must be followed by healthcare providers in terms of billing and other practices.
- Protecting the information contained within a patient’s medical record and ensuring confidentiality.
The last point is what impacts the nursing profession the most.
Nurses within a healthcare system may have access to patient records, but their handling of that information must be confidential, by law.
Any violation of this could lead to serious consequences.
Why does HIPAA matter?
HIPAA matters for both patients and healthcare providers. Patients benefit the most from HIPAA, but healthcare providers do as well.
For patients, they can rest assured that their personal information is being safeguarded as it’s communicated between healthcare providers and health insurance companies.
Prior to HIPAA, there were no consequences if a patient’s personal and confidential information was leaked to an outside source, whether intentionally or accidentally.
Now that safeguards are put in place, healthcare providers are more careful about how they handle patient information.
In addition, patients are guaranteed continuing health insurance coverage if they are to change or lose their job.
This protects the patient from an insurance lapse and a potential denial of coverage, should something occur while they are unemployed.
For healthcare providers, HIPAA has established a solid set of rules and restrictions for them to follow.
Since the same codes and identifiers are used across the board, it’s easier to bill insurance companies and follow up on claims.
Providers are also held accountable if a patient’s privacy is not upheld.
Since HIPAA laws are so strict, a majority of healthcare systems have implemented new technology to ensure patient confidentiality.
This technology has streamlined the gathering and processing of patient data, relieving some of the burden from healthcare professionals, like nurses, when managing patient’s medical records.
What are the consequences for nurses and other healthcare providers who break HIPAA guidelines?
As touched upon previously, nurses and other healthcare providers can face serious consequences for violating HIPAA guidelines.
The penalties are based upon the severity of the violation and whether or not the violation was done intentionally.
There are four tiers of violations for nurses and each tier has a potential fine attached to it (source):
- Tier 1 ($100-$50,000/$25,000 per year maximum): Was not aware of the HIPAA violation and wouldn’t have violated the rule had they been aware of it.
- Tier 2 ($1,000-$50,000/$100,000 per year maximum): The provider should have known the rule and had the proper knowledge not to violate it.
- Tier 3 ($10,000-$50,000/$250,000 per year maximum): Willfully violated the HIPAA rule but attempted to correct it within 30 days.
- Tier 4 ($50,000/$1,500,000 per year maximum): Willfully violated the HIPAA rule and made no effort to correct it within 30 days.
Not all violations come with a fine.
The Department of Health and Human Services’ Office for Civil Rights determines whether or not a fine is appropriate.
Usually, only the most severe HIPAA violations are fined.
In addition, the healthcare provider (such as a nurse) may not be personally fined, but rather the healthcare system they work for will be fined.
This is because the healthcare system is responsible for properly training all of its employees on HIPAA guidelines and, therefore, are the ones that should be held accountable.
All discovered HIPAA violations come with a consequence, called a sanction.
Sanctions can be as minor as retraining the employee on the rule they violated, to as severe as the termination of employment, fines, or imprisonment.
Criminal violations, such as willingly disclosing a patient’s personal information to an outside entity, could result in a fine plus imprisonment of up to 10 years.
What can nurses do to ensure they are following HIPAA guidelines?
Nurses should attend all required HIPAA training put in place by the healthcare system they work for.
This training should take place at the beginning of employment and periodically after employment begins.
If a nurse has any questions regarding HIPAA rules and regulations, they should bring them to their immediate supervisor.
Any violations can be reported directly online to the Office for Civil Rights (OCR) (source).
Complaints must be filed within 180 days of the HIPAA violation occurring.
Along with following all HIPAA guidelines instructed by your employer, treat all patient information the way you would want your healthcare providers to treat your personal information.
By sticking to a good moral and ethical code, you won’t be tempted to violate any HIPAA guidelines.
This means that even if you’re tempted to look up your friend or family member’s medical record, if you aren’t personally involved in treating them, then you should not.
If someone you know asks you to look up a patient’s records for them, you should inform them of HIPAA guidelines and tell them that you are unable to assist them with their request.
HIPAA guidelines are put in place to protect all Americans, including patients and healthcare providers.
Following HIPAA guidelines and reporting any violations immediately is the best way to protect yourself.
Nurses should only access the records of the patients they are currently involved with treating to avoid violating any HIPAA guidelines.
Frequently Asked Questions
No, typically employers will require employees to request access to their own medical records. There are many reasons for this one of which is reducing the temptation for the employee to look at other patient’s medical records.