By Daniel Fabbri, CEO of Maize Analytics,
Assistant Professor of Biomedical Informatics
and Computer Science at Vanderbilt University
Clinical researchers require access to electronic medical records (EMR) for chart review. However, ensuring that researchers do not overstep and access data not associated with a research study is challenging.
Hospital privacy and compliance officers are responsible for monitoring employee access to the EMR to ensure appropriate use. Auditing employee accesses typically involves determining how an employee is involved with a patient’s treatment, payment or operations. If the officer can determine the employee’s association, the access is likely appropriate. But researchers are inherently not part of care teams and their accesses can appear to be random. Thus, it is extremely difficult to differentiate appropriate versus inappropriate research accesses. [Read more…]