An academic medical center conducted a study to evaluate the effectiveness of email warnings on reducing repeated unauthorized access to PHI at large academic medical centers. In the study, the medical center’s PHI access monitoring system flagged unauthorized access to patients’ electronic medical records by 444 employees. The medical center sent a warning email to around half of those employees. The email stated that “the employee had been identified as having accessed a patient’s electronic medical record without a known work-related purpose and that unauthorized access is a privacy violation.”
Only 2% of employees that received such an email committed unauthorized access a second time, while 40% of employees that did not receive such an email committed such unauthorized access again. This study has highlighted how adopting the use of email warnings can reduce unauthorized access to PHI and benefit patients and health care entities.