Break glass, sometimes known as break-the-glass, is an alert in an electronic health record that pops up when a clinician or other end user tries to access a patient's chart that is considered restricted. Examples of restricted patients include government officials, celebrities, hospital employees, inmates, and psychiatric patients. When an end user "breaks the glass", their supervisor is notified and the end user's activity is automatically logged. Usually the end user is required to document the reason they are trying to access that patient's chart and to enter their password.
In healthcare, Break Glass refers to a procedure that enables emergency access to electronic protected health information (ePHI). The name derives from breaking the glass to trigger an alarm in the event of a fire in a building or another emergency (e.g. in public transport vehicles).
In emergent circumstances, access to information may be needed for treatment. To avoid disruptions in patient care in these emergencies, Break Glass offers a mechanism for access to a system that is otherwise secured by user authentication and authorization protocols. For example, in the absence of a practitioner (due to death, disability or time away) it may be necessary for other individuals (including practitioners or administrators) to access health information for patient care management. Other situations may include legitimate access issues, such as account problems (a forgotten password) or user authentication or authorization failures.
The Break Glass solution includes usernames/passwords (for one-time use) that permit system access in emergent circumstances, but the key requirement of HIPAA is that policies for a clear audit trail be established to track ePHI access. Typically, a Break Glass warning alert screen is presented to the user, and inappropriate use (e.g. illegal review of a celebrity's ePHI) is monitored.
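The flow described above (a warning on a restricted chart, a documented reason plus password before access, supervisor notification, and an audit entry for every attempt) is shown here as an added Python example that is not taken from any EHR product. The user, patient ids, salt, outcome strings and function names are all constructed for illustration.

```python
import hashlib
import hmac
import time

SALT = b"constructed-demo-salt"  # assumption: a real system uses a per-user salt

def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample data (hypothetical user and patient ids).
USERS = {"nurse_a": {"pw": pw_hash("correct horse"), "supervisor": "charge_rn"}}
RESTRICTED_CHARTS = {"pt-1002"}

AUDIT_LOG = []      # append-only record of every access decision
NOTIFICATIONS = []  # messages queued for supervisors

def audit(user, patient, outcome, reason=None):
    """Record the decision and return it, so no code path skips the log."""
    AUDIT_LOG.append({"ts": time.time(), "user": user, "patient": patient,
                      "outcome": outcome, "reason": reason})
    return outcome

def open_chart(user, patient, reason=None, password=None):
    """Return 'granted', 'break_glass_required', 'granted_break_glass'
    or 'denied'. Every call writes an audit entry."""
    account = USERS.get(user)
    if account is None:
        return audit(user, patient, "denied")
    if patient not in RESTRICTED_CHARTS:
        return audit(user, patient, "granted")
    if reason is None and password is None:
        # First attempt on a restricted chart: show the warning screen.
        return audit(user, patient, "break_glass_required")
    # Breaking the glass needs a documented reason and the user's password.
    if not (reason and reason.strip()) or password is None or \
            not hmac.compare_digest(pw_hash(password), account["pw"]):
        return audit(user, patient, "denied", reason)
    NOTIFICATIONS.append((account["supervisor"],
                          f"{user} broke the glass on {patient}: {reason}"))
    return audit(user, patient, "granted_break_glass", reason)
```

Failed and abandoned attempts are logged as well as successful ones, so a review of the audit trail sees users who reached the warning screen on a restricted chart even when they did not proceed.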