HR and Benefits

Yes! You Can View Your Medical Records and Your Family Members' – but Authorization May Be Required

Published: March 1, 2022
Privacy Profile

Methodist Health System allows employees to access their own medical records (except psychotherapy notes) without written authorization. According to Methodist’s employee access policy, employees may also access medical records of their spouse or other nondependent family members when a valid Health Insurance Portability Accountability Act (HIPAA) compliant Release of Information (ROI) authorization is scanned into the family member’s medical record.

To clarify, employees can access the medical records of their dependent children – who are under the age of 19 in Nebraska and under the age of 18 in Iowa – without their authorization. Once dependent children have reached the age of majority, they are considered adults. Therefore, a HIPAA-compliant authorization must be signed by your adult child and scanned into their medical record. Additionally, employees can access the medical records of their spouse or other family members as long as those family members each sign a HIPAA-compliant authorization and have it scanned into their medical records.

Methodist’s legal/compliance and health information management (HIM) departments collaborated to revise the ROI form. Employees requesting access to a family member’s medical record can fax the ROI form that their family member completed to (402) 354-8790. This is for employee access only.

Once the ROI is processed and scanned into the family member’s medical record, the employee will receive a confirmation email from HIM within five business days, stating you can access the medical record. The ROI is valid for only one year from the date of signature. Please mark your calendar.

Accessing Methodist’s Cerner Electronic Health Record (EHR) is a privilege and should not be taken advantage of by printing copies of your medical records, updating your medical record or scheduling appointments.

Employees are encouraged to sign up for the Methodist My Care patient portal. Methodist My Care is a secure online portal that can help you manage your health information. Please visit https://bestcare.org/patient-resources/methodist-my-care for additional information.

As a reminder, electronic medical records are audited, and violations of patient privacy can result in corrective action, including termination. HIPAA defines the circumstances in which employees can access protected health information (PHI). The primary permitted reasons for access include:

  • Treatment (employees responsible for providing, coordinating or managing patient care/treatment and related services)
  • Payment (employees responsible for payment activities)
  • Health care operations (employees responsible for quality assessment and improvement, case management, competency assurance and credentialing, compliance programs, risk or administration)

If you observe someone inappropriately accessing patient information, call the compliance hotline at 1 (877) 640-0005 (English) or 1 (800) 216-1288 (Spanish). The compliance hotline is an independent third-party service available 24 hours a day, seven days a week. Callers may remain anonymous. 

If you have questions about what constitutes appropriate access, please call Methodist privacy officer Anita Patterson, CHCO, at (402) 354-6863.