Disney Information Station Logo

Go Back   The DIS Discussion Forums - DISboards.com > Just for Fun > Community Board
Find Hotel Specials & DIScounts
 
facebooktwitterpinterestgoogle plusyoutubeDIS UpdatesDIS email updates
Register Chat FAQ Tickers Search Today's Posts Mark Forums Read





Reply
 
Thread Tools Rate Thread Display Modes
Old 01-28-2013, 06:17 PM   #211
Pea-n-Me
Survivor
Call me crazy but I prefer the single bath
Nothing beats the Magic of a Disney Resort!
Will DIS from the Potty
Alice, how's it hanging?
 
Pea-n-Me's Avatar
 
Join Date: Jul 2004
Location: MA
Posts: 22,408

Quote:
Originally Posted by burnurcomputer View Post
Because its *your* health information and you have right to ask for a copy of your records and a record of those who have access to it. Its actually a part of HIPPA to protect the pt. and for the pt. to have full access and knowledge (or block) who can and can't see the health information. Privacy and portability are both part of the act. You have right to know where and when and who has seen your info.
Quote:
Originally Posted by Bukalwew11
People who seem to know say that as a patient, it is your right to know. I have no idea what page this was discussed on but it is back there somewhere.
I don't know if that information belongs to the patient, or the hospital.

Some hospital information is only given out by supoena.

I don't know that one could just waltz in and ask for the information as described in this thread, or that the hospital would be required to hand it over. Doesn't it put them in a somewhat precarious situation, for one thing? What if someone decided to go to the media, say, about this? Or file suit?

Hospitals protect their information, although they could still take action if there was a violation. But they would obviously have to know Dr. Mom's name.
__________________



Post your best iPhone/smartphone pictures here!

All Star Music 2001/Polynesian Lagoon View Concierge 2002/Contemporary 2003/Disney Wonder 2003/Yacht Club and Disney Wonder 2004/Pop Century 2005/Dolphin and Pop Century MNSSHP 2005/Disney Magic and Pop Century 2006/Coronado Springs MNSSHP 2006/Dolphin and Disney Wonder 2007/Port Orleans Riverside 2008/Caribbean Beach 2009/Dolphin and Animal Kingdom Lodge Concierge 2011/Grand Floridian and Dolphin, MNSSHP 2013
Pea-n-Me is offline   Reply With Quote
Old 01-28-2013, 08:02 PM   #212
MrsToad


Mouseketeer
 
MrsToad's Avatar
 
Join Date: Feb 2003
Location: CT & BCV
Posts: 1,074

Quote:
Originally Posted by Pea-n-Me View Post
I don't know if that information belongs to the patient, or the hospital.

Some hospital information is only given out by supoena.

I don't know that one could just waltz in and ask for the information as described in this thread, or that the hospital would be required to hand it over. Doesn't it put them in a somewhat precarious situation, for one thing? What if someone decided to go to the media, say, about this? Or file suit?

Hospitals protect their information, although they could still take action if there was a violation. But they would obviously have to know Dr. Mom's name.
It is a specific right under HIPAA that a patient may request an accounting of parties to whom health care information has been disclosed outside the organization, and the hospital or practice must comply in most circumstances (psychotherapy notes, for instance, may sometimes be excluded). The part I'm not so sure of is whether the hospital has to give you a list of everyone within their organization who accessed your record. However, hospitals HAVE been fined when security audit trails confirmed someone on their staff looked at the record of a celebrity, so improper viewing is a serious issue for any hospital.

Another specific patient right under HIPAA is the ability to file a privacy complaint and to have that complaint investigated by the Privacy Officer. So, with both of these rights combined, the OP could, theoretically, file a privacy complaint stating she is concerned someone accessed her sons record without a legitimate reason, even if the hospital doesn't initially agree to show her the access list. The hospital, as part of their investigation, would see the doc's name on the list if she did view the record, recognize that she shouldn't have needed access under "minimum necessary" access rules, and take action, all without the OP providing the doc's name. If no names are outside the scope of this patient's care, cased closed.

Last edited by MrsToad; 01-28-2013 at 08:09 PM.
MrsToad is offline   Reply With Quote
|
The DIS
Register to remove

Join Date: 1997
Location: Orlando, FL
Posts: 1,000,000
Old 01-28-2013, 08:53 PM   #213
MScott1851
Got a link for those Trip Reports? ;)
Type A Travel Planner
I'm a complete sucker for a drop dead gorgeous dress and strappy heels
 
MScott1851's Avatar
 
Join Date: Jun 2002
Location: Memphis, TN but still an Alabama girl at heart!!
Posts: 3,200

Well, I'm tired of discussing HIPAA, I just want to know whether the other girls' mom accessed the info or not! (Sad to say, being a doctor doesn't mean you don't make stupid decisions.)

OP, hope your son is back to his old self.
__________________
MScott1851 is offline   Reply With Quote
Old 01-28-2013, 09:17 PM   #214
phorsenuf
Not so New Rule author on the DISSome discuss it calmly and some ...
Grandma Oboe
 
phorsenuf's Avatar
 
Join Date: Feb 2003
Location: Concord NH and now Davenport FL. Home to meth addicts and dislocated cowboys I'm told.
Posts: 18,720

Quote:
Originally Posted by MScott1851 View Post
Well, I'm tired of discussing HIPAA, I just want to know whether the other girls' mom accessed the info or not! (Sad to say, being a doctor doesn't mean you don't make stupid decisions.)

OP, hope your son is back to his old self.
I just want to say how nice it is to see you here again. It's been a long time! What a cutie pie in your signature!
__________________
Etsy:BlueBayouDesigns
phorsenuf is offline   Reply With Quote
Old 01-29-2013, 10:16 PM   #215
chloelovesdisney
DIS Veteran
 
chloelovesdisney's Avatar
 
Join Date: Jul 2007
Location: New York
Posts: 6,334

Quote:
Originally Posted by Pea-n-Me View Post
Why do people assume the hospital is just going to hand over a list of all the people who accessed the chart? Isn't that in itself a violation of HIPPA?
No. HIPAA is to protect the patient, it doesn't protect the practioners.
__________________

chloelovesdisney is offline   Reply With Quote
Old 01-29-2013, 10:27 PM   #216
chloelovesdisney
DIS Veteran
 
chloelovesdisney's Avatar
 
Join Date: Jul 2007
Location: New York
Posts: 6,334

Quote:
Originally Posted by DisneyATlast View Post

I also find it interesting that so many people are willing to believe that Dr. Mom violated HIPAA, but at the same time they are adamant that a Privacy Officer is bound by laws that will obligate them to treat her inquiry with the utmost level of confidentiality.
A Privacy Officer's job is all about enforcing confidentiality and protecting patient information. While healthcare workers are trained in the rules, their jobs are to provide patient care.
__________________

chloelovesdisney is offline   Reply With Quote
Old 01-30-2013, 12:23 AM   #217
Disney Doll
DIS Security Matron
 
Disney  Doll's Avatar
 
Join Date: Nov 2000
Location: Too far from WDW!! :(
Posts: 29,019

Quote:
Originally Posted by Pea-n-Me View Post
Don't disagree. But my point was that in the course of his or her job, the Privacy Officer will be discussing this with various people and that in and of itself could be damaging to Dr. Mom's reputation if it's true. I doubt either Dr. Mom or the Privacy officer would jeopardize their jobs by "gossiping".
And I would assume that the people the Privacy Officer discusses it with would understand the importance of confidentiality as well...HR, Nurse Managers, the physician's manager.
__________________
Disney Doll
Prepare your child for the path, not the path for your child.
Stop telling your God how big the storm is. Instead, tell the storm how big your God is.
It's time to put on your big girl panties and deal with it!
Don't be so open-minded that your brains fall out.
There's no pill that cures stupid.
He is your friend, your partner, your defender, your dog.
You are his life, his love, his leader.
He will be yours, faithful and true, to the last beat of his heart.
You owe it to him to be worthy of such devotion.
~~In loving memory of Teddy~~1994-2007~~
Disney  Doll is offline   Reply With Quote
Old 01-30-2013, 01:46 AM   #218
horseshowmom
DIS Veteran
 
horseshowmom's Avatar
 
Join Date: Jul 2000
Posts: 10,307

Quote:
Originally Posted by FlyingDumbo View Post
I work in a health care facility and people do this all the time. People get fired at least once a year for nosing into someone else's business. Yes, everyone knows not to do it. But it happens everyday. Not everyone gets fired for it, unless a complaint is filed. So I would not be shocked by an MD doing it, I've seen it happen more than once.

File your complaint, it is easy enough to check if she accessed it. She will get fired if she did. And she deserves to get fired. Everyone knows the rules.
Absolutely! I'm not going into detail, but I personally know of a high ranking hospital official (a doctor but in a higher level position) who recently lost their job for doing this very thing. The individual accessed the records, and someone else was made aware of it. A complaint was filed. When the records were checked, it was documented that this person accessed the records.

The individual was fired immediately. I can't imagine risking the salary and prestige this person had, but they did it nonetheless.
horseshowmom is offline   Reply With Quote
Old 01-30-2013, 01:59 AM   #219
TwingleMum
DIS Veteran
 
TwingleMum's Avatar
 
Join Date: Dec 2002
Location: New York
Posts: 6,375

Op~ did you ever file a complaint? Did you find out it the girl's Mom accessed your DS's records???
TwingleMum is offline   Reply With Quote
Old 01-30-2013, 06:53 AM   #220
Pea-n-Me
Survivor
Call me crazy but I prefer the single bath
Nothing beats the Magic of a Disney Resort!
Will DIS from the Potty
Alice, how's it hanging?
 
Pea-n-Me's Avatar
 
Join Date: Jul 2004
Location: MA
Posts: 22,408

Quote:
Originally Posted by chloelovesdisney View Post
No. HIPAA is to protect the patient, it doesn't protect the practioners.
Some information "belongs to" the hospital and doesn't have to be "handed over" or shared, necessarily. It's not clear whether this would be one of these times.

It always amazes me how crystal clear people here are on HIPAA when medical and legal scholars still admit to at times being befuddled by it.

Quote:
Originally Posted by Disney Doll View Post
And I would assume that the people the Privacy Officer discusses it with would understand the importance of confidentiality as well...HR, Nurse Managers, the physician's manager.
In the course of discussion and investigation, word often gets out.
__________________



Post your best iPhone/smartphone pictures here!

All Star Music 2001/Polynesian Lagoon View Concierge 2002/Contemporary 2003/Disney Wonder 2003/Yacht Club and Disney Wonder 2004/Pop Century 2005/Dolphin and Pop Century MNSSHP 2005/Disney Magic and Pop Century 2006/Coronado Springs MNSSHP 2006/Dolphin and Disney Wonder 2007/Port Orleans Riverside 2008/Caribbean Beach 2009/Dolphin and Animal Kingdom Lodge Concierge 2011/Grand Floridian and Dolphin, MNSSHP 2013
Pea-n-Me is offline   Reply With Quote
Old 01-30-2013, 07:11 AM   #221
Pea-n-Me
Survivor
Call me crazy but I prefer the single bath
Nothing beats the Magic of a Disney Resort!
Will DIS from the Potty
Alice, how's it hanging?
 
Pea-n-Me's Avatar
 
Join Date: Jul 2004
Location: MA
Posts: 22,408

Quote:
Originally Posted by MrsToad View Post
It is a specific right under HIPAA that a patient may request an accounting of parties to whom health care information has been disclosed outside the organization, and the hospital or practice must comply in most circumstances (psychotherapy notes, for instance, may sometimes be excluded). The part I'm not so sure of is whether the hospital has to give you a list of everyone within their organization who accessed your record. However, hospitals HAVE been fined when security audit trails confirmed someone on their staff looked at the record of a celebrity, so improper viewing is a serious issue for any hospital.

Another specific patient right under HIPAA is the ability to file a privacy complaint and to have that complaint investigated by the Privacy Officer. So, with both of these rights combined, the OP could, theoretically, file a privacy complaint stating she is concerned someone accessed her sons record without a legitimate reason, even if the hospital doesn't initially agree to show her the access list. The hospital, as part of their investigation, would see the doc's name on the list if she did view the record, recognize that she shouldn't have needed access under "minimum necessary" access rules, and take action, all without the OP providing the doc's name. If no names are outside the scope of this patient's care, cased closed.
I can agree with most of this. The bolded, I'm not sure about. Hospitals can get fined for things that fall under the jurisdiction of the DPH. These are usually Sentinel Events and major violations, and are thankfully rare. I don't know that anyone from outside the hospital investigates unauthorized medical record access on a small scale. It's possible, but I'm not sure. Each hospital has their own Legal department that deals with such matters.

ETA Looking around myself it appears that privacy breeches fall under federal guidelines and on a large scale are investigated by the Dept of Health and Human Services Office of Civil Rights, but in reality, not much is done. States may (or may not) be taking matters into their own hands.

Quote:
Privacy experts say many physicians haven't done much beyond drafting a policy, and enforcement of HIPAA's privacy and security rules has been virtually nonexistent. Enforcement is the responsibility of the Office of Civil Rights, which receives no budget for enforcement activities.

http://www.ama-assn.org/amednews/200...1/bisa1201.htm
Quote:
Protecting yourself

Philip H. Lebowitz, a HIPAA lawyer and partner with Philadelphia-based Duane Morris LLP, said health care entities are unlikely to face criminal sanctions if they have adequate protections in force or are unaware of an unlawful disclosure by an employee.

"If the clinic were on notice or didn't do anything [about the breach], that would potentially cross the line," he said.

Northeast Arkansas Clinic CEO Jim Boswell said the facility has "stringent policies in place to deal with HIPAA violations."

After receiving a complaint from the patient involved, the clinic conducted an internal investigation and immediately terminated Smith, he said. The clinic staff also worked with federal authorities in their probe.

"We will continue to educate and reinforce to our employees the importance of maintaining patient confidentiality," Boswell said.

Even if spared from criminal prosecution, without careful privacy controls, doctors or other covered entities could incur federal civil penalties for being negligent, Lebowitz added. However, the Dept. of Health and Human Services has yet to impose any civil fines.

http://www.ama-assn.org/amednews/200...1/bisa1201.htm
__________________



Post your best iPhone/smartphone pictures here!

All Star Music 2001/Polynesian Lagoon View Concierge 2002/Contemporary 2003/Disney Wonder 2003/Yacht Club and Disney Wonder 2004/Pop Century 2005/Dolphin and Pop Century MNSSHP 2005/Disney Magic and Pop Century 2006/Coronado Springs MNSSHP 2006/Dolphin and Disney Wonder 2007/Port Orleans Riverside 2008/Caribbean Beach 2009/Dolphin and Animal Kingdom Lodge Concierge 2011/Grand Floridian and Dolphin, MNSSHP 2013

Last edited by Pea-n-Me; 01-30-2013 at 08:02 AM.
Pea-n-Me is offline   Reply With Quote
Old 01-30-2013, 07:39 AM   #222
Acklander
DIS Veteran
 
Join Date: Sep 2004
Location: Gypsy
Posts: 5,509

[QUOTE=Pea-n-Me;47353053

It always amazes me how crystal clear people here are on HIPAA when medical and legal scholars still admit to at times being befuddled by it.


In the course of discussion and investigation, word often gets out.[/QUOTE]

I don't think a legal scholar would be befuddled by an event where a dr from a different hospital accessed the records and then told her teen daughter the results of the tests. Even those with the vaguest of an idea of what HIPAA is, could call this one correctly.
__________________
Acklander
Acklander is offline   Reply With Quote
Old 01-30-2013, 08:11 AM   #223
dakcp2001
Am I wrong to want a cashier and bagger?
Chicken wings are his crack
 
Join Date: Jun 2007
Posts: 5,340

Waiting to hear an update on what the op did and if the other parent accessed the records or not! Let us know!
dakcp2001 is offline   Reply With Quote
Old 01-30-2013, 12:28 PM   #224
horseshowmom
DIS Veteran
 
horseshowmom's Avatar
 
Join Date: Jul 2000
Posts: 10,307

Quote:
Originally Posted by Acklander View Post
I don't think a legal scholar would be befuddled by an event where a dr from a different hospital accessed the records and then told her teen daughter the results of the tests. Even those with the vaguest of an idea of what HIPAA is, could call this one correctly.
Definitely. If somebody accesses the records who has no medical reason to do so, they will lose their job. Very simple.
horseshowmom is offline   Reply With Quote
Old 01-30-2013, 10:56 PM   #225
MrsToad


Mouseketeer
 
MrsToad's Avatar
 
Join Date: Feb 2003
Location: CT & BCV
Posts: 1,074

Quote:
Originally Posted by Pea-n-Me View Post
I can agree with most of this. The bolded, I'm not sure about. Hospitals can get fined for things that fall under the jurisdiction of the DPH. These are usually Sentinel Events and major violations, and are thankfully rare. I don't know that anyone from outside the hospital investigates unauthorized medical record access on a small scale. It's possible, but I'm not sure. Each hospital has their own Legal department that deals with such matters.

ETA Looking around myself it appears that privacy breeches fall under federal guidelines and on a large scale are investigated by the Dept of Health and Human Services Office of Civil Rights, but in reality, not much is done. States may (or may not) be taking matters into their own hands.
I think it was true that not much was done by HHS and OCR in the beginning, but under HITECH, a 2009 act that strengthens HIPAA enforcement, I think enforcement may increase. Here is an article about some incidents and the results - the last example in the article may be the most similar to this situation (if the doc did snoop inappropriately). In addition, the article notes the severity of fines that can be assessed.
http://compliance.med.nyu.edu/news/d...ent-admissions

And to agree with another poster, I can't imagine how any one person can have a full understanding of the HIPAA and HITECH acts!
MrsToad is offline   Reply With Quote
Reply



Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

facebooktwitterpinterestgoogle plusyoutubeDIS Updates
GET OUR DIS UPDATES DELIVERED BY EMAIL



All times are GMT -5. The time now is 11:30 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

Copyright © 1997-2014, Werner Technologies, LLC. All Rights Reserved.

You Rated this Thread: