Advice about HIPAA issue

[chloelovesdisney]

Quote:

Originally Posted by Pea-n-Me

Some information "belongs to" the hospital and doesn't have to be "handed over" or shared, necessarily. It's not clear whether this would be one of these times.

It always amazes me how crystal clear people here are on HIPAA when medical and legal scholars still admit to at times being befuddled by it.


In the course of discussion and investigation, word often gets out.

I've been contacted regarding whether or not staff had legitimate reason to be in a patient's chart, it's always been made clear that it's a confidential matter.

The only patient information in a chart that I know of that isn't released to patients are incident reports. Research records may also be restricted in some cases, but that's disclosed to patients, and are kept separately from patient medical records.

Personally I don't care for the HIPAA rules and wish they would throw them out and greatly simplify them, but the government likes things complicated.

[Pea-n-Me]

Quote:

Originally Posted by MrsToad

I think it was true that not much was done by HHS and OCR in the beginning, but under HITECH, a 2009 act that strengthens HIPAA enforcement, I think enforcement may increase. Here is an article about some incidents and the results - the last example in the article may be the most similar to this situation (if the doc did snoop inappropriately). In addition, the article notes the severity of fines that can be assessed.
http://compliance.med.nyu.edu/news/d...ent-admissions

I am familiar with the HITECH Act. It clarifies some of the issues which were unclear before. (Though some still refer to it as being unclear. ) Regulators wanted something in place prior to national health care getting underway, for coordination, and they also want everyone to have electronic medical records in place in large part for tracking data. What I get from it primarily is that they want medical organizations to have strict policies, safeguards and training in place and if they don't they are subject to liability; and that although unauthorized access to a medical record in an organization - such as the situation in the OP - is addressed, they seem to be far more concerned about large scale data breaches. Penalties imposed seem to hinge in large part on whether safeguards were in place. And as previously, fines and/or discipline seems dependent on many factors; it's not always black and white. In the last example in the link above, it's funny how the doctor got priveleges suspended for two weeks but two other non-doctors got fired. That's the thing - it depends. But no, I don't think anyone would argue that inappropriate access to a medical record by a snooper is ok. I still don't know if we've discovered the answer of whether the hospital has to give up that information to the record holder (possibly); it does appear to have to be reported to the DHUS and I suppose record holders could get it that way if the hospital didn't want to give it directly. Curious to see how it works out for the OP if she comes back.

E-Med Records Privacy: A False Sense Of Security http://www.acluvt.org/blog/2012/11/1...e-of-security/

What is a Breach Under the HITECH Breach Notification Regulations http://www.americanbar.org/newslette...512_eisen.html

[npmommie]

Yes the consumer absolutely has the right to get a list of who their health record was shared with and why.
So if there is an electronic trail of who accessed info they will have to tell.

[Disney Doll]

I guess I am assuming every insitution functions like mine does, which I probably shouldn't assume.

In my institution they take possible privacy breaches very seriously. The Privacy Offier does their job in a confidential manner and does not discuss it in the cafeteria or with their work BFF. The people who need to be involved in the investigation are made very well aware of the importance of keeping the matter confidential for the reason stated above...you don't want to ruin someone's reputation by blabbing about a privacy investigation where you could find out that there is no breach.

Realisitically everyone involved in the investigation in any way is made well aware that if they breach anyone's confidentiality (patient, RN,MD or anyone else who may be subject to the investigation) by discussing the investigation outside of its "official" compact, that they are subjected to disciplinary action as well, up to and including termination.

It's pretty cut & dried that it's not information for the institution's "grapevine".

[keetmommy]

I hWope OP comes back soon and updates!

[Princess Dolly]

Quote:

Originally Posted by keetmommy

I hWope OP comes back soon and updates!

I wouldn't hold my breath.

[Caropooh]

Quote:

Originally Posted by keetmommy

I hWope OP comes back soon and updates!

Well, it will 2 weeks on THursday since she started the thread. She hasn't posted on the thread (or the DIS) since Saturday the 26th. My bets are on that she won't be updating...