Compliance Corner: Snooping

Published May 29, 2019

HIPAA Note On Snooping

What is Snooping? Snooping is when a workforce member accesses the record of a patient or employee for a non-job related reason, whether or not the access was malicious or out of good will. It is the inappropriate access to patient or employee records by a CAO staff, irrespective of whether those records are in paper or electronic format and regardless to whether the information acquired was used or disclosed for any reason. For example, if a CAO employee is concerned about the health or wellbeing of another employee, researches and finds the employee has been seen at CAO, views the record to find out what may be causing the behavior. This is considered snooping.

Once an employee accesses a record that does not pertain to their work responsibilities then that access is considered snooping, even if the employee does not use the information. When accessing a record for a work-related reason, employees must follow the minimum necessary standard. This means limiting access, use, disclosure or requests for protected health information to the smallest amount required to accomplish a purpose and that the information is shared only with those who have a need to know.

Employees who leave their workstations without logging off are responsible if another employee uses their login and password to access medical records. When you step away from your workstation you should always lock your computer screen or log off to prevent unauthorized accesses that could occur under your credentials.

What Are The Consequences Of Snooping? Absent very unusual circumstances, the penalty for snooping is termination. This zero-tolerance applies to:

  • Records of your spouse or domestic partner
  • Records of your siblings
  • Records of your children or grandchildren
  • Records of co-workers
  • Records of friends and neighbors
  • Records of persons of media interest

 To Help Maintain Patient Privacy And Confidentiality, Follow These Guidelines:

  • Access patient medical records only when it is required for your job.
  • Do not access medical records of co-workers, friends, family members or celebrities unless there is a job related reason.
  • Remember the minimum necessary standard: only access, use and disclose the minimum
  • necessary amount of patient protected health information to get the job done.
  • Log off/lock your computer whenever you leave your workspace

Source: UCMC