HIPAA

Good morning,
I work for a management company that is contracted to oversee some SNF's. Our IT team sent me a request from a regional consultant to give E.H.R. access to a facility employee for 5 additional facilities. The person is employed only by one facility. The facilities are "LLC" and separate NPI but have common ownership.

The regional consultant basically wants this facility employee to assist her with some audits and training. The facility employee would be paid from her own SNF.

Can we "share" the E.H.R. of facilities that this employee does not work for? I feel uncomfortable with the request. I do understand we are a bit short handed and the facility employee is actually more of an expert than the consultant and probably better at the audit. But she would have access to all resident information.

The employee is in admissions. Our E.H.R. doesn't have the best security set-up so I can't change specifically what she can access.

Any thoughts?

------------------------------
Bethanne VanderMolen
Chief Compliance Officer/Director of Risk Management
Choice Health Management Services, LLC
HICKORY,NC
------------------------------

Original Message:
Sent: 7/27/2022 9:33:00 AM
From: Bethanne VanderMolen
Subject: Employee access when not employed by the facility

Good morning,
I work for a management company that is contracted to oversee some SNF's. Our IT team sent me a request from a regional consultant to give E.H.R. access to a facility employee for 5 additional facilities. The person is employed only by one facility. The facilities are "LLC" and separate NPI but have common ownership.

The regional consultant basically wants this facility employee to assist her with some audits and training. The facility employee would be paid from her own SNF.

Can we "share" the E.H.R. of facilities that this employee does not work for? I feel uncomfortable with the request. I do understand we are a bit short handed and the facility employee is actually more of an expert than the consultant and probably better at the audit. But she would have access to all resident information.

The employee is in admissions. Our E.H.R. doesn't have the best security set-up so I can't change specifically what she can access.

Any thoughts?

------------------------------
Bethanne VanderMolen
Chief Compliance Officer/Director of Risk Management
Choice Health Management Services, LLC
HICKORY,NC
------------------------------

Original Message:
Sent: 7/27/2022 9:33:00 AM
From: Bethanne VanderMolen
Subject: Employee access when not employed by the facility

Good morning,
I work for a management company that is contracted to oversee some SNF's. Our IT team sent me a request from a regional consultant to give E.H.R. access to a facility employee for 5 additional facilities. The person is employed only by one facility. The facilities are "LLC" and separate NPI but have common ownership.

The regional consultant basically wants this facility employee to assist her with some audits and training. The facility employee would be paid from her own SNF.

Can we "share" the E.H.R. of facilities that this employee does not work for? I feel uncomfortable with the request. I do understand we are a bit short handed and the facility employee is actually more of an expert than the consultant and probably better at the audit. But she would have access to all resident information.

The employee is in admissions. Our E.H.R. doesn't have the best security set-up so I can't change specifically what she can access.

Any thoughts?

------------------------------
Bethanne VanderMolen
Chief Compliance Officer/Director of Risk Management
Choice Health Management Services, LLC
HICKORY,NC
------------------------------

Since the facilities are under common ownership, have you determined if they meet the definition of an organized health care arrangement? If so, then as an employee of one of facilities, he/she can be given access, as needed, to other records. In a similar situation, we have used a confidentiality agreement with the employee as an additional control. Our EHR allowed us to limit access.

------------------------------
Shubha Lakshmanan
Senior Director of Compliance and Privacy
Waud Capital Partners
------------------------------

Original Message:
Sent: 07-27-2022 08:32 AM
From: Bethanne VanderMolen
Subject: Employee access when not employed by the facility

Good morning,
I work for a management company that is contracted to oversee some SNF's. Our IT team sent me a request from a regional consultant to give E.H.R. access to a facility employee for 5 additional facilities. The person is employed only by one facility. The facilities are "LLC" and separate NPI but have common ownership.

The regional consultant basically wants this facility employee to assist her with some audits and training. The facility employee would be paid from her own SNF.

Can we "share" the E.H.R. of facilities that this employee does not work for? I feel uncomfortable with the request. I do understand we are a bit short handed and the facility employee is actually more of an expert than the consultant and probably better at the audit. But she would have access to all resident information.

The employee is in admissions. Our E.H.R. doesn't have the best security set-up so I can't change specifically what she can access.

Any thoughts?

------------------------------
Bethanne VanderMolen
Chief Compliance Officer/Director of Risk Management
Choice Health Management Services, LLC
HICKORY,NC
------------------------------