Patient List Limits in Cerner EMR

Keeping confidential information private creates a trusting environment for our patients. It allows our patients to seek care and be as honest as possible during the course of their care at Methodist Health System. We are constantly looking for ways to identify best practices and strengthen our privacy program.

The privacy officer has seen an increase in employee snooping over the past year. After root cause analysis, it was identified that patient health records were inappropriately accessed from the patient lists in Cerner Powerchart in some of these incidents.

The minimum necessary requirement is a key protection of the Health Insurance Portability Accountability Act (HIPAA) Privacy Rule. The minimum necessary standard requires covered entities to limit unnecessary or inappropriate access to and disclosure of protected health information (PHI). Therefore, one way we will strengthen our privacy program is by limiting access to the patient list function in the Cerner electronic medical record (EMR). Employees will now have a limit of five patient lists available to them in Cerner.

The patient list changes will take place effective July 1, 2021. If you have an employee who can demonstrate a need to access additional patient lists in the Cerner EMR, please send an email to the MHS privacy officer. Employees should only have patient lists that are appropriate to their job tasks; please recognize that it isn't appropriate to monitor possible patient transfers or monitor other entities.

If you have any questions regarding HIPAA privacy, please contact Privacy Officer Anita Patterson at (402) 354-6863 or @email. If you have any compliance questions, please contact Chief Compliance Officer Jen Anderson at (402) 354-4091 or @email. For any technical issues, please contact the Service Desk at (402) 354-2280.