Shouldn’t have been possible in the first place.
I have yet to see a EHR that has access restrictions that would prevent this. Instead it’s just logged and if irregular enough you get to have a hostile conversation that could lead to this.
Edit:
Haim, a Dallas surgeon, previously had done some work at Texas Children’s Hospital as part of his residency. The indictment against Haim alleges that in 2023, he asked to reactivate his login there to access information on pediatric patients not under his care, including names, attending physicians and treatment codes, then turned over the information to a media contact.
Okay, that’s just dumb. Texas Children’s Hospital is going to get fucked over this. Not only did he not have admitting privileges, he didn’t even fucking remotely work there. This isn’t just a HIPPA violation, it’s straight up fraud.
Yeah when I read that I was like, so all I have to do to get medical records is call and ask? Like I don’t even have to have any affiliation apparently.
In my experience working hospital IT medical providers can get away with a lot more shit because people try to expedite things for them so they don’t have interruptions caring for patients. The places I worked had processes in place to prevent this sort of thing but I had a fuckload of arguments with various middle managers trying to bypass those when a provider bitched that they didn’t get what they wanted right away.