Epic security feature, Break The Glass, provides patient privacy protections for employees

September 23, 2020

Dear UT Southwestern Community:

We know many of you take great pride in working at UT Southwestern and the impact you’re able to make on a daily basis for our patients and the communities we serve. As an institution, we’re honored that many employees also choose to receive their health care at our hospital and clinics. When you make this extremely personal decision, please be assured our focus is to treat you with the same exceptional service as our patients – including protecting your privacy and any sensitive medical information.

To further advance these protections, we are expanding a feature within the Epic medical records system, called Break The Glass (BTG). This is a highly reliable security measure designed to help ensure that only members of health system teams with authorized reasons can access a patient’s medical records.

BTG adds to the strong patient privacy protections UT Southwestern already has in place. Beginning Sept. 28, it will be applied automatically to all employees who are new or current patients.

How does BTG work?

BTG is a security feature in Epic, the health information technology UT Southwestern uses to organize, store, and share electronic patient medical records. It acts as a pop-up that prompts individuals opening a record to first select a reason for the access and re-enter their password. BTG reminds care team members that a treatment, payment, or operational need is required to access medical records per HIPAA and UTSW policy.

Were medical records safe already?

Absolutely. This is an added protection to ensure that only members of a care team involved with treatment, payment and/or operational needs can access an employee’s health information.

Does the extra BTG protection apply whenever I receive care at UTSW?

The extra BTG security features are not triggered during an active UTSW inpatient stay. This is due to patient safety concerns and the need for members of care teams to have immediate access to medical records during a hospital stay. However, the BTG feature is applied anytime an employee receives outpatient care, including follow-up visits after a hospital stay.

How will UTSW Epic users know if BTG applies to a patient who is an employee?

Beginning Sept. 28, UTSW care teams accessing medical records of any UTSW employee will trigger a BTG alert.

Please privacyoffice@utsouthwestern.edu the UT Southwestern Privacy Office if you need additional information or have any questions.