Skip to main content
Find a DoctorGet Care Now
Skip to main content
Explore our Health System
Pay a BillContact UsAboutNews & KnowledgeMedical ProfessionalsCareers
Search

Popular Services

View All Services

Popular Locations

View All Locations

Frequent Searches

Contrast

Contact

Share

Donate

Help

Contrast

Off
On

Contact

Share

Donate

Explore this section

When is it OK to look up patients'information? Consult the HIPAA Privacy Rule 

You learn that your neighbor is in the hospital and want to know what's wrong because you're concerned. Is it OK to look up his medical record?

No, according to the Health Insurance Portability and Accountability Act's (HIPAA)'s Privacy Rule. Physicians and employees can only access a patient's protected health information (PHI) for the purposes of treatment, payment and/or healthcare operations.

Examples of inappropriate access include, but are not limited to, accessing anyone's record, including that of a family member, coworker, neighbor or VIP, out of curiosity or concern.

In addition, family members or friends cannot authorize anyone else to view their medical records. Patients may allow you to be made aware of their medical information, but this does not give you the right to access their medical records – only to have their information shared with you by the medical team or via written authorization to request a printout of their records through the Health Information Management/medical record process.

To ensure Yale New Haven Health and its physicians and employees comply with HIPAA, the health system's Office of Information Security works with the Office of Privacy and Corporate Compliance (OPCC) to conduct access audits.

These audits show who has accessed a patient's electronic health record; the OPCC determines if the access is appropriate. Employees or physicians who access confidential PHI without a legitimate reason face disciplinary action, including possible termination.

If you have any questions about HIPAA, contact the system privacy officer in the OPCC at [email protected] or 203-688-8416. During off-hours, contact the risk manager: Page the off-shift executive by calling the page operator, 203-688-3111. The OSE will reach the risk manager or attorney on-call.

Employees are also reminded that they should never release PHI, particularly to the media. If you receive a call from the media seeking any information, including a patient's condition, contact the media relations team at 203-688-2488.

The Bulletin

Archive