Will ex have access to my medical records?
April 11, 2019 12:11 PM Subscribe
I divorced my spouse a few years ago. He was and is a medical professor who sees patients at Regional Medical Center. Unsurprisingly, I was a patient at Regional myself. When I severed ties with Ex, I thought it best to sever ties with Regional, too. So I started seeing a doctor at a primary care clinic affiliated with County Hospital.
Okay. Fast forward to a couple of weeks ago. I'm at the aforementioned doctor, getting a check-up. When she’s taking my history, she mentions that if I’d just waited another month before making my appointment, she’d have been able to access my medical records from Regional directly, online. How that? It turns out that both the primary care clinic and County Hospital are shortly to join the burgeoning Regional Medical Center family.
So, my doctor’s hospital is marrying the hospital of the doctor I divorced, so to speak. Here’s what troubles me: if the marriage of County and Regional means that my current doctor will now have direct access to my pre-divorce medical records from Regional—which is a-okay—it means that my Ex will now have direct access to my post-divorce medical records from County—which is about as okay as Ebola.
Or will he have access? If the answer is No, I’m fretting over nothing.
But if the answer is a qualified or unqualified Yes, that will not be tolerable.* I will need ideas for what to do.
So, if anyone works in a hospital and knows the ins and outs of medical record access—who has access, and under what conditions, etc.—I’d appreciate your insights.
* This footnote was to explain why, but I deleted it, since it may not be necessary, depending on the replies.
Okay. Fast forward to a couple of weeks ago. I'm at the aforementioned doctor, getting a check-up. When she’s taking my history, she mentions that if I’d just waited another month before making my appointment, she’d have been able to access my medical records from Regional directly, online. How that? It turns out that both the primary care clinic and County Hospital are shortly to join the burgeoning Regional Medical Center family.
So, my doctor’s hospital is marrying the hospital of the doctor I divorced, so to speak. Here’s what troubles me: if the marriage of County and Regional means that my current doctor will now have direct access to my pre-divorce medical records from Regional—which is a-okay—it means that my Ex will now have direct access to my post-divorce medical records from County—which is about as okay as Ebola.
Or will he have access? If the answer is No, I’m fretting over nothing.
But if the answer is a qualified or unqualified Yes, that will not be tolerable.* I will need ideas for what to do.
So, if anyone works in a hospital and knows the ins and outs of medical record access—who has access, and under what conditions, etc.—I’d appreciate your insights.
* This footnote was to explain why, but I deleted it, since it may not be necessary, depending on the replies.
So, yes he would be able to see them, but if he looks at them he may he in danger of losing his job/license due to HIPAA violation.
It's not legal for him to look at your records and electronic health records have tracking for who accesses every record.
I would contact the privacy office at County Hospital and ask if there's any sort of flag they can put on your account.
posted by MadMadam at 12:27 PM on April 11, 2019 [20 favorites]
It's not legal for him to look at your records and electronic health records have tracking for who accesses every record.
I would contact the privacy office at County Hospital and ask if there's any sort of flag they can put on your account.
posted by MadMadam at 12:27 PM on April 11, 2019 [20 favorites]
He will likely be able to access them. It will be illegal for him to do so. If you are worried about him accessing them even if it is illegal (and like, really quite illegal, not jaywalking illegal) then I suggest you find a small, unaffiliated private practice doctor.
Incidentally, my husband recently went to urgent care at [regional medical network A] and then the next day went to the hospital of [regional medical network B], which we thought were completely unaffiliated, but the record of his urgent care visit was immediately available at the hospital, so if it's really "he will act illegally to see my records", I'm going to double down on you using a small, private practice, maybe still-uses-paper-only doctor.
posted by brainmouse at 12:29 PM on April 11, 2019 [5 favorites]
Incidentally, my husband recently went to urgent care at [regional medical network A] and then the next day went to the hospital of [regional medical network B], which we thought were completely unaffiliated, but the record of his urgent care visit was immediately available at the hospital, so if it's really "he will act illegally to see my records", I'm going to double down on you using a small, private practice, maybe still-uses-paper-only doctor.
posted by brainmouse at 12:29 PM on April 11, 2019 [5 favorites]
Best answer: Healthcare IT guy here.
The answer is he will probably have access to it. Doesn't mean he can legally access it though.
However, depending on the system the hospital network uses, access is most likely audited and there are often flags in place if someone accesses a family member's records. If your last names are the same that could be a flag.
If you're really concerned I would call the compliance department of the main hospital, explain your concern, and see if they can put any sort of block or flag in place so that if your spouse does access it somebody somewhere gets an alert. That could be enough to get them disciplined or fired should they look it up. With HIPAA in place hospitals take this stuff very seriously now.
posted by bondcliff at 12:33 PM on April 11, 2019 [54 favorites]
The answer is he will probably have access to it. Doesn't mean he can legally access it though.
However, depending on the system the hospital network uses, access is most likely audited and there are often flags in place if someone accesses a family member's records. If your last names are the same that could be a flag.
If you're really concerned I would call the compliance department of the main hospital, explain your concern, and see if they can put any sort of block or flag in place so that if your spouse does access it somebody somewhere gets an alert. That could be enough to get them disciplined or fired should they look it up. With HIPAA in place hospitals take this stuff very seriously now.
posted by bondcliff at 12:33 PM on April 11, 2019 [54 favorites]
Addendum to my answer: Depending on what type of sharing of medical records you might have to opt in to sharing.
If County Hospital is becoming an affiliate of Regional Medical Center and they are going to share an electronic medical record then you can't really opt in, but if County is just joining a sharing program then you have to opt in.
Like the organization I work for has many affiliates and we all use 1 version of a health record, but we can also access health data from other organizations if patients have signed a form saying it's okay.
Either way, would totally contact the privacy office and tell them about your concerns.
posted by MadMadam at 12:35 PM on April 11, 2019 [2 favorites]
If County Hospital is becoming an affiliate of Regional Medical Center and they are going to share an electronic medical record then you can't really opt in, but if County is just joining a sharing program then you have to opt in.
Like the organization I work for has many affiliates and we all use 1 version of a health record, but we can also access health data from other organizations if patients have signed a form saying it's okay.
Either way, would totally contact the privacy office and tell them about your concerns.
posted by MadMadam at 12:35 PM on April 11, 2019 [2 favorites]
Yes, he could access your records, though not legally, as has been mentioned. Every click within an electronic medical record system is logged, so he would leave a trail of illegal access. You probably have an idea of whether the law is enough of a deterrent for him.
Regarding possible flags that can be put on your account -- The record system used in my hospital (EPIC) includes a 'break-the-glass' feature, which is an extra level of security applied to specific patient health records, often those of celebrities, people injured in the course of some kinds of crime, and hospital employees. Anyone attempting to access one of these records is required to indicate their need for access and re-enter their personal password. All access to these records is regularly audited.
posted by strivesc at 12:41 PM on April 11, 2019 [13 favorites]
Regarding possible flags that can be put on your account -- The record system used in my hospital (EPIC) includes a 'break-the-glass' feature, which is an extra level of security applied to specific patient health records, often those of celebrities, people injured in the course of some kinds of crime, and hospital employees. Anyone attempting to access one of these records is required to indicate their need for access and re-enter their personal password. All access to these records is regularly audited.
posted by strivesc at 12:41 PM on April 11, 2019 [13 favorites]
Federal rules make have pushed medical practices (small mom and pop and big huge medical complexes) to get into electronic medical records. Hospitals and practices have figured out that the easiest way to exchange information on mutual (or potentially mutual) patients is by linking their electronic record availability.
Echoing those above. In the scenario you described, if your new doctor can see your medical records from Regional, then your ex can probably see those from County as well. Now, is he allowed to? NO (capital N capital O), not without your permission. And as mentioned, this is a big deal if violated. Big deal to the medical provider (nurse, NP, PA, physician, tech) and big deal to the Hospital. Like, security walking you out of the hospital immediately, hospital getting huge fines per violation, never ever do unless you want to risk your career big deal.
Different hospitals have different ways to ensure that your chart isn't accessed and some will allow you to know who accessed your chart and when and why. Talk to someone at Regional Medical in their IT Department, express to them your concerns. They take privacy very seriously, as they should, and they are there to make sure your records stay yours, and not for someone's curiosity.
posted by defenestrated at 12:41 PM on April 11, 2019 [2 favorites]
Echoing those above. In the scenario you described, if your new doctor can see your medical records from Regional, then your ex can probably see those from County as well. Now, is he allowed to? NO (capital N capital O), not without your permission. And as mentioned, this is a big deal if violated. Big deal to the medical provider (nurse, NP, PA, physician, tech) and big deal to the Hospital. Like, security walking you out of the hospital immediately, hospital getting huge fines per violation, never ever do unless you want to risk your career big deal.
Different hospitals have different ways to ensure that your chart isn't accessed and some will allow you to know who accessed your chart and when and why. Talk to someone at Regional Medical in their IT Department, express to them your concerns. They take privacy very seriously, as they should, and they are there to make sure your records stay yours, and not for someone's curiosity.
posted by defenestrated at 12:41 PM on April 11, 2019 [2 favorites]
Just as a data point there was a nurse in the UK who was having a look at her tinder dates NHS records and she got in BIG trouble. So I definitely think your ex husband would know he could get caught and wouldn’t probably look. If she got caught looking at people she wasn’t connected to then he could certainly get caught looking at yours. He knows people keep track of these things.
posted by catspajammies at 1:10 PM on April 11, 2019 [1 favorite]
posted by catspajammies at 1:10 PM on April 11, 2019 [1 favorite]
One thing you haven't mentioned is whether you and your ex ever shared or still share health insurance, and specifically if he's the subscriber and you're insured under "his" plan. This may give him another access route for some levels of information that you would need to be explicit about preventing with current providers.
posted by cocoagirl at 1:19 PM on April 11, 2019
posted by cocoagirl at 1:19 PM on April 11, 2019
Call Regional. Talk to the Ombudsperson. Ask them to tell you how the medical records system documents access to your records, and how you can have your record flagged for any additional auditing or security.
I'm in Maine. President Bush, Sr. went to Maine Medical Center one time. Somebody accessed his records, was promptly identified, fired. Privacy of records is and should be, a huge deal.
posted by theora55 at 1:28 PM on April 11, 2019 [3 favorites]
I'm in Maine. President Bush, Sr. went to Maine Medical Center one time. Somebody accessed his records, was promptly identified, fired. Privacy of records is and should be, a huge deal.
posted by theora55 at 1:28 PM on April 11, 2019 [3 favorites]
Regarding possible flags that can be put on your account -- The record system used in my hospital (EPIC) includes a 'break-the-glass' feature, which is an extra level of security applied to specific patient health records, often those of celebrities, people injured in the course of some kinds of crime, and hospital employees. Anyone attempting to access one of these records is required to indicate their need for access and re-enter their personal password. All access to these records is regularly audited.
Yes, this exactly. Call the privacy office and ask for your account to be flagged.
posted by ThePinkSuperhero at 1:55 PM on April 11, 2019 [14 favorites]
Yes, this exactly. Call the privacy office and ask for your account to be flagged.
posted by ThePinkSuperhero at 1:55 PM on April 11, 2019 [14 favorites]
Just to add on how serious this is: health professionals are not allowed to access their own medical records. Computers can and will audit, especially if there is a flag on the chart, and it's a fireable, potentially license-losing offense. When I was a student, shortly after the EMR went live, a few residents were dismissed after accessing the chart of a faculty member. Hospitals take this sort of thing very seriously. The ombuds or patient advocate can help you ID who to speak to about getting your chart flagged (probably both medical records and health IT)
posted by basalganglia at 2:07 PM on April 11, 2019 [2 favorites]
posted by basalganglia at 2:07 PM on April 11, 2019 [2 favorites]
I spoke to a medical social worker about this concern during my divorce because my ex liked to follow me to my doctor's appointments and stuff. She had a note add to my files and was helpful about it because it happens fairly often - you aren't alone at all and the admin or privacy people should have a standard procedure for this.
Look into your medical power of attorney so that if you get in a serious incident he can't turn up at a hospital and bully his way in. A friend has her situation set up so that if she is warded, her estranged parents are blocked from visiting or notification.
posted by dorothyisunderwood at 3:45 PM on April 11, 2019 [4 favorites]
Look into your medical power of attorney so that if you get in a serious incident he can't turn up at a hospital and bully his way in. A friend has her situation set up so that if she is warded, her estranged parents are blocked from visiting or notification.
posted by dorothyisunderwood at 3:45 PM on April 11, 2019 [4 favorites]
I worked for the Health Insurance Commission in Australia and certain people (staff included) could put a block on their accounts so that only senior managers could authorise access. You could ask hospital administrators if such a thing exists. It stops internal snooping as well as exes.
posted by taff at 4:58 PM on April 11, 2019 [2 favorites]
posted by taff at 4:58 PM on April 11, 2019 [2 favorites]
Hospitals and insurance companies are not new to segregating sensitive information as they are part of some relationship violence and stalker cases (not that it’s your situation) where information needs to be separated and kept private, in addition to adult-autonomy issues. Another way of framing this would be to ask how to get a.report of everyone who has accessed your records.
posted by childofTethys at 8:25 PM on April 11, 2019 [2 favorites]
posted by childofTethys at 8:25 PM on April 11, 2019 [2 favorites]
Agree, if it’s Epic/MyChart which they’re using, he technically can probably access them and if he does, they’ll catch it on audit and fire him for it. The hospital system I work for takes this very seriously and has terminated people for the offenses listed above (viewing family/friend/colleague records). Call medical records or the help desk or compliance, explain your concerns and they may be able to tighten security on your records more, or flag it for even more auditing. We get training on not doing this annually, so hopefully he’s not going to try to look.
posted by OneSmartMonkey at 8:47 PM on April 11, 2019 [3 favorites]
posted by OneSmartMonkey at 8:47 PM on April 11, 2019 [3 favorites]
Can you switch to a private practice unaffiliated with either system, just to cover your bases?
posted by 41swans at 4:00 AM on April 12, 2019
posted by 41swans at 4:00 AM on April 12, 2019
Response by poster: Thanks for your answers. The information is very helpful. It's good to know that privacy is taken so seriously. Given Ex's position, I know he will be very aware of that. With that thought in mind, I'm leaning towards doing nothing at present except for finding out how I can access the records of who has accessed my records. If I ever see Ex's name on the list, I'll deal with it at that point.
posted by Transl3y at 2:43 AM on April 13, 2019 [2 favorites]
posted by Transl3y at 2:43 AM on April 13, 2019 [2 favorites]
This thread is closed to new comments.
That being said, you don’t provide too much information about why you’re concerned. Would he be willing to break the law to access your medical records? If so, then the question is more complicated and depends on his technical ability to access records given his position and how the hospital group organizes its files.
I think the best solution is to have as candid a conversation with your doctor as possible about your concerns.
posted by sallybrown at 12:26 PM on April 11, 2019 [9 favorites]