HIPAA Compliance & EMR Access Meeting

Vocabulary flashcards summarizing key terms, tools, and compliance concepts discussed in the lecture about HIPAA training and electronic medical record access.

HIPAA

U.S. law (Health Insurance Portability and Accountability Act) that sets standards for protecting patients’ health information.

PHI

Protected Health Information—any data about a patient’s health, treatment, or payment that can identify them.

EMR / EHR

Electronic Medical/Health Record—digital system for storing and managing patient charts.

Jane

Cloud-based EHR platform currently used by the school’s clinic for scheduling, charting, and billing.

Unified Practice

Previous EHR vendor that restricted off-campus student access, prompting the switch to Jane.

Epic

Large hospital-grade EHR noted for strict security and real-time monitoring of chart access.

Open Access

Policy allowing students to view most patient charts from any location for learning purposes.

Activity Log

Audit trail within an EHR that records which staff member opened or modified a chart.

Tiered Access

Graduated permission levels (e.g., first-year vs. fourth-year) controlling what users can view or edit.

Supervisor Role

Faculty status in the EHR that lets instructors oversee and co-sign student charts.

Preceptorship

Early clinical experience where first-year students shadow or assist senior clinicians.

Cohort

Group of students progressing through the program together (e.g., First-Year Cohort).

Disciplinary Action

Institutional consequence—such as loss of off-site access—imposed after a policy violation.

Liability

Legal responsibility the school or clinicians face if patient privacy is breached.

Secure Messaging

HIPAA-compliant in-system communication channel for contacting patients without email.

Audit

Formal review of chart access logs to detect inappropriate viewing or edits.

FERPA

Family Educational Rights and Privacy Act—protects student academic records; sibling to HIPAA.

Boundaries

Professional limits that prevent students from over-stepping (e.g., private emailing patients).

Charting in Public

Entering patient data in cafés, libraries, etc.—a practice flagged as a privacy risk.

Learning Case

Interesting patient chart accessed for educational comparison, not direct care.

Screen Shield

Physical privacy filter that blocks side-viewing of a laptop or tablet screen.

My-Eyes-Only Chart

EHR setting that restricts visibility of a specific record to designated staff only.

Front-Desk Role

EHR permission allowing appointment booking and billing tasks but limited clinical view.

Practitioner Limited

Jane user level granting minimal chart access—usually only to patients under direct care.

Supervisor Co-Sign

Faculty signature confirming review and approval of a student’s clinical note.

Code of Conduct

Document outlining acceptable behavior and the steps taken after a breach.

No-Tolerance Policy

Rule stating that any privacy violation triggers immediate, non-negotiable penalties.

Grey Area

Situation not clearly covered by existing HIPAA guidelines, requiring extra caution.

Off-Site Access

Ability to log into the clinic’s EHR from home or other non-campus locations.

IP-Restricted Login

Security measure allowing EHR access only when connected to a specific network.