HIPAA-compliant third party access to electronic medical records

摘要

Methods, computer systems, and computer storage media are provided for providing a third-party user HIPAA-compliant access to an electronic medical record system at a clinical site. A request for a clinical study participant list is received from the third-party user, and it is determined that the third-party user has viewing and access rights with respect to the clinical study participant list. The third-party user can select a participant on the clinical study participant list and access the participant's electronic medical record within the electronic medical record system. The electronic medical record is presented to the third-party user in a read-only view, and the third-party user is prevented from searching the EMR system for other electronic medical records.

主权项

1. One or more non-transitory computer readable media having computer-executable instructions embodied thereon that, when executed, cause a computing device to perform a method of providing an auditor of a clinical study being conducted at a clinical site access to electronic medical records (EMRs) of participants in the clinical study, wherein the clinical study participants' EMRs are stored in association with an EMR system at the clinical site, the method comprising:
receiving a request from the auditor to view a clinical study participant list for the clinical study being conducted at the clinical site, the request including a set of authorization and authentication credentials, wherein the auditor is unaffiliated with the clinical site, and wherein the auditor is responsible for ensuring that documentation provided by the clinical site regarding the clinical study is a complete and accurate reflection of information contained in the clinical study participants' EMRs; based on the set of authorization and authentication credentials, determining that the auditor is authorized to view the clinical study participant list for the clinical study; presenting the clinical study participant list to the auditor; receiving a request from the auditor to view one or more electronic medical records (EMRs) of one or more participants on the clinical study participant list, wherein the auditor does not normally have viewing rights to the one or more EMRs of the one or more participants because the auditor is unaffiliated with the clinical site; communicating the request to the EMR system at the clinical site, wherein upon receipt of the request, the EMR system determines that the auditor is authorized to view the one or more EMRs of the one or more participants; incident to communicating the request to the EMR system at the clinical site, receiving from the EMR system at the clinical site the one or more EMRs of the one or more participants in the clinical study; and presenting on a user interface associated with the auditor a read-only view of only to the one or more EMRs of the one or more participants of the clinical study.