Who is liable when HIPAA is breached? I've been looking everywhere and cannot seem to find the answer to it. I know if an individual knowingly breached HIPAA they can incur a fine, but I'm not sure what happens when there is an unknown breach of HIPAA, such as someone leaving their screen up and walking away.
Sep 13, '13
There's a whole HIPAA forum, but the brief answer is, it depends. There's a difference between the hospital policy breach where PHI is inadvertently exposed to a staffer who knows enough to shut it down but it goes no further and no one is harmed (this can get you reprimanded or fired by an employer) and the breach of PHI where it gets out to where it REALLY shouldn't be, and someone is damaged by the release (this gets the hospital a big fine from the Feds).
Some idiot who takes a picture of a patient and puts it on FB will get fired. His/her employer will get fined, because the Feds look at him/her as an employee who ought to have been taught better or supervised better, and that's the employer's fault.
That's a real quick and dirty, but I hope it helps you think about how it works. Do go to the Nursing>HIPAA forum and look at the stickie at the bottom for more info and links to the HIPAA FAQs. They'll help you.
Sep 14, '13
Welcome to AN! The largest online nursing community!
moved to HIPAA forum for best response
Sep 14, '13
Quote from AOttinger
I know if an individual knowingly breached HIPAA they can incur a fine, but I'm not sure what happens when there is an unknown breach of HIPAA, such as someone leaving their screen up and walking away.
The example you give is not an "unknown" breach. Every hospital I've worked at since the advent of computers in healthcare (yes, I do predate them) has spelled out in plain English and stressed repeatedly during orientation that you are personally and completely responsible for whatever happens under your log-in. If you choose to walk away from a computer without shutting down the screen and logging out, you are responsible and will be held accountable for whatever anyone else does on the computer under your log-in. That would include someone accessing protected information to which s/he is not entitled.
Get in the habit of always practicing good "computer hygiene."
Sep 14, '13
Thanks! I'm also a nurse and thought this was the correct answer, however, I was doing homework and thought there might be another answer that was correct. Thank you for your input!
Sep 15, '13
Both of these answers are correct and give you a wider perspective, I hope.