“Break the glass” in healthcare refers to an emergency override that lets a clinician access a patient’s electronic medical record even when they don’t have normal permission to view it. The phrase borrows from the idea of smashing the glass cover on a fire alarm: it’s a deliberate, visible act you only take when the situation demands it. In practice, it’s a feature built into electronic health record (EHR) systems that balances two competing priorities, protecting patient privacy and making sure doctors can get critical information fast enough to save a life.
How It Works in an EHR System
Hospitals and health systems restrict access to certain patient records. Not every provider can open every chart. When a clinician encounters a restricted record they need to see, the EHR presents a “break the glass” prompt instead of simply blocking access. To proceed, the user typically has to enter additional authentication and document a specific business or clinical reason for accessing that chart. This creates a clear paper trail: who accessed the record, when, and why.
The system relies on pre-staged emergency user accounts that hospitals set up in advance so they’re ready the moment they’re needed. The goal is zero delay. In clinical care, even a short wait to pull up a patient’s medication list, allergy history, or lab results can cause real harm. A physician treating an unconscious trauma patient, for example, can’t wait for an IT help desk to grant permissions.
Why Certain Records Are Restricted
Not every patient chart triggers a break-the-glass prompt. Hospitals flag specific records for heightened security, and the most common categories include:
- Hospital employees: Staff members who are also patients at the facility where they work. Without extra protection, coworkers could casually browse their medical information.
- Public figures and celebrities: High-profile patients whose records might attract curiosity-driven access.
- Behavioral health and substance abuse records: These carry additional federal privacy protections beyond standard rules.
- VIP or sensitive cases: Any patient the organization determines needs an extra layer of access control, sometimes at the patient’s own request.
When a record falls into one of these categories, the EHR adds that extra authentication step. External users, meaning providers not affiliated with the health system, face these protocols too and must document a clinical reason before viewing restricted charts.
The HIPAA Requirement Behind It
Break-the-glass functionality isn’t just a nice feature. Federal privacy law requires it. HIPAA’s Security Rule includes a specific provision on emergency access procedures, requiring healthcare organizations to “establish and implement as needed procedures for obtaining necessary electronic protected health information during an emergency.” In other words, every system that stores patient data for treatment purposes must have a tested plan for granting emergency access.
HIPAA also requires robust audit controls. Organizations must implement mechanisms that record and examine all activity in systems containing patient health information. That includes regularly reviewing audit logs, access reports, and security incident tracking. After an emergency ends, the organization is expected to verify that access has been “normalized,” meaning any temporary permissions granted during the crisis have been revoked and the access event has been reviewed by appropriate personnel.
What Happens After Someone Breaks the Glass
Every break-the-glass event generates a log entry that compliance and privacy teams review. This is what keeps the system honest. If a nurse accessed a coworker’s chart out of curiosity rather than clinical need, the audit trail will show it. The reason code the user entered at the time of access gets compared against what was actually happening clinically. Was that patient in the emergency department? Was there an active order? Did the accessing provider have any treatment relationship with the patient?
Inappropriate use carries real consequences. Depending on the organization, penalties range from formal warnings to termination to referral for a HIPAA violation investigation. The transparency is intentional. Knowing that every access is logged and reviewed discourages snooping while still keeping the door open for genuine emergencies.
Emergency Access vs. Routine Workarounds
One important distinction: break the glass is designed exclusively for emergencies and legitimate clinical need. It is not a shortcut for forgotten passwords, locked accounts, or IT issues. Organizations are clear that it should never serve as a replacement for a help desk. When staff start using emergency access routinely, it defeats the purpose. Audit teams watch for patterns, like the same user breaking the glass repeatedly, which signals either a workflow problem or potential misuse.
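The post-access review and repeated-use check described above, as an added example that is not from the original article or any EHR product: each break-the-glass event is checked against the three clinical-context questions (emergency department visit, active order, treatment relationship), and users who break the glass repeatedly are flagged. All field names, sample events, the 7-day window and the threshold of three are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data. Field names are assumptions, not a vendor's audit schema.
EVENTS = [
    {"user": "dr_chen", "patient": "P100", "time": "2024-03-01T02:14", "reason": "ED trauma, unconscious"},
    {"user": "rn_hale", "patient": "P200", "time": "2024-03-02T10:05", "reason": "chart review"},
    {"user": "rn_hale", "patient": "P201", "time": "2024-03-03T11:30", "reason": "chart review"},
    {"user": "rn_hale", "patient": "P202", "time": "2024-03-04T09:45", "reason": ""},
    {"user": "dr_ito", "patient": "P300", "time": "2024-03-04T15:00", "reason": "consult requested"},
]
ED_VISITS = {"P100": ("2024-03-01T01:50", "2024-03-01T06:30")}  # patient -> (arrival, departure)
ACTIVE_ORDERS = {("dr_ito", "P300")}   # (ordering provider, patient)
CARE_TEAM = {("dr_chen", "P100")}      # (provider, patient) treatment relationships

def clinical_support(ev):
    """Return the facts that back up an access: the three questions a reviewer asks."""
    t = datetime.fromisoformat(ev["time"])
    support = []
    visit = ED_VISITS.get(ev["patient"])
    if visit and datetime.fromisoformat(visit[0]) <= t <= datetime.fromisoformat(visit[1]):
        support.append("ed_visit")
    if (ev["user"], ev["patient"]) in ACTIVE_ORDERS:
        support.append("active_order")
    if (ev["user"], ev["patient"]) in CARE_TEAM:
        support.append("treatment_relationship")
    return support

def review(events, repeat_threshold=3, window=timedelta(days=7)):
    """Flag events for the privacy team; returns {event index: [flags]}."""
    findings = defaultdict(list)
    by_user = defaultdict(list)
    for i, ev in enumerate(events):
        by_user[ev["user"]].append((datetime.fromisoformat(ev["time"]), i))
        if not ev["reason"].strip():
            findings[i].append("missing_reason")
        if not clinical_support(ev):
            findings[i].append("no_clinical_context")
    # Repeated use: the same user breaking the glass >= threshold times within the window.
    for hits in by_user.values():
        hits.sort()
        for start, _ in hits:
            in_window = [i for t, i in hits if start <= t <= start + window]
            if len(in_window) >= repeat_threshold:
                for i in in_window:
                    if "repeated_use" not in findings[i]:
                        findings[i].append("repeated_use")
    return dict(findings)
```

Events with no flags (here the trauma admission and the ordered consult) are still logged; the flags only prioritize which entries the privacy team examines first.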
For patients, the system offers a meaningful layer of protection. Your most sensitive health information isn’t visible to every person with a login at your hospital. But if you arrive unconscious in an emergency room and the treating physician needs your records immediately, nothing stands in the way of your care. The access happens, it gets logged, and it gets reviewed afterward. That tradeoff, privacy with a safety valve, is exactly what the system is designed to achieve.

