Q. May we allow employees who have been granted access to PHI through the workforce clearance procedure to access their own PHI through the electronic medical record (EMR) without first requiring them to sign a release or authorization?
A. HIPAA permits patients to access their medical and billing records. Covered entities (CE) may ask patients to sign an authorization form to obtain their records, but that is not a requirement. Organizations have the discretion to establish policies and procedures for patients who are employees to access their medical records.
Some organizations allow employees to access their own records, but require them to go through formal channels (usually the HIM department) to access records of family members, including minor children. Other organizations prohibit employees from accessing their own records, requiring them to obtain copies via formal channels.