What should be considered when granting access to a HCIS? How should we as a facility come to our conclusion?

Most, if not all, HCIS systems have an access granting component. When granting access to end users, facilities should take into consideration their current practices, patient care flows, roles of the end users, as well as current HIPAA guidelines. One area of universal concern is access to behavioral health patient information. Within the continuum of patient care, it appears to make sense for care providers to have full access to these patients, but do they need access after the patient leaves their direct care? This level of need is one of the defining factors of granting access. For instance, take a case of a behavioral health patient admitted from the emergency department. Once the patient leaves the ED, providing the care practices support completion of the chart at the end of the ED visit, reasonably there should not be further need for the ED physician to still access the chart of the admitted behavioral health patient. The staff who now need access to that patient information are the behavioral health staff. Careful documentation of roles, work flows and review of information access policies will help facilities come to sound conclusions regarding end user access to confidential patient information, and should be a major task of any HCIS project plan.

Mary Helen Thome
Director, MEDITECH Services Division
http://www.inteck-inc.com/meditechservices.htm