POA/HIPAA violation

Nurses HIPAA

Updated:   Published

I have been a nurse for 2 years now. I really love my job. I was a medical assistant for 10 years prior. My situation is recently my mom was in my hospital. I am the POA on her. I was turned in for violating HIPPA for looking in her chart and taking photos of her CXR(by one of my peers). I have deleted photos off my phone in front of HR. I did not know I was violating HIPPA when looking in her chart because I was POA I did not think it was. My interim director phoned me and told me not to look in her chart without HIM. I stopped at that point as I did not know it was a violation up until that point. When I came back to work after being off to take care of my mom I was called into HIM and HR directors office to discuss my situation. I am awaiting corporate discussion on my outcome. I am truly regretful for having done this but honestly I had no idea it was violation with myself being POA. I do not want to loose me job. If anyone knows of anything that may help my situation if possible please let me know.

Thank you,

Caelynn

MunoRN, RN

8,058 Posts

Specializes in Critical Care.

HIPAA allows for facilities/providers to restrict how you access even your healthcare records to some degree, even though you are legally allowed access to your records.

As POA for someone else it's even more restricted, your role as POA only comes into play when your mother is unable to make decisions for herself, as long as she's her own decision maker, you don't really have full rights to her medical information without specific approval from her.

Caelynn

3 Posts

When I was doing it the dr. Had me call in family so I could change her to dnr. She was on death's door on bipap not fully mentally there for the most part. She has since made a recovery however mentally not there at times. So I am still not sure how the extent of my violation will play out. I was also the family liaison (sp)for information that when she was coherent she wanted me to convey to them. Thank you for responding

Kyrshamarks, BSN, RN

1 Article; 631 Posts

I think the big question is if you were on the clock or off the clock when doing this. I f you were off the clock then you were strictly acting as her POA and have a right and access to her records, the same as she would. If on the clock then they can make an issue of it.

Editorial Team / Admin

Rose_Queen, BSN, MSN, RN

6 Articles; 11,658 Posts

Specializes in OR, Nursing Professional Development.

Depending on your facility's policy, you may have violated their policies, regardless of if you were on the clock or not. While I have the right to review my own medical records, I must first go to the medical records office and sign a release. I would not be surprised if many other facilities have the same policy. Technically, while the information in the record is yours (or in your case, your mothers) the physical paperwork or EMR belongs to the facility. This may be where they see the issue- you didn't have their permission to view the information.

Specializes in SICU, trauma, neuro.

Generally (if not always; I'd have to look it up) the process for accessing medical records is to request them through HIM. If you weren't an employee in her hospital, you wouldn't have access to her chart through their computers. Hospital employees can't access pts' charts unless they are providing direct care. Where I work, if we have been a hospital or clinic pt, we aren't even allowed to access our own charts with Epic; we have to go through the same channels everybody else does.

I'm guessing this is their reasoning. I hope everything goes ok for you!

SouthernPoint

201 Posts

Not sure what state you are in, but in Florida we have legal POA paperwork.

Questions:

Do you have paperwork making you her legal POA?

If so, was this paperwork turned into the hospital when your mom was admitted?

Was the MD aware of a POA and did the MD give you the ok to view her medical records?

If the answer to any of the above it NO, then you could be in violation. Sorry.

Again, not knowin your state, but I know in Florida it is strict.

A couple of years ago my parent was in the hospital on a vent, in the same hospital I am a employee in. Knowing I am my parent POA, I knew what I needed to do and how I go about doing it. My parent MD had been keeping me up to date on my parents health care. The MD was the one who asked for the POA paperwork. Once I brought the paperwork in, then the MD went over everything in the chart. Never once was I allowed to be alone with the chart nor did I ever ask.

It is very hard not to cross those lines of HIPAA when you are in the medical field. Sometimes even harder when you work in the same hospital as the one your loved one is admitted in.

I know while my parent was in the hospital before my POA was activated when I would go visit. The nurses, PA's and some MD would honestly give me more information on my parents care/condition then they really should have.

Lesson should be learned. Never, ever do anything with your POA until asked and make sure you always have someone with you.

Alfi_srq

46 Posts

At our facility we are have to go through medical records to get our own records and are not allowed to just access it on the computer.

MunoRN, RN

8,058 Posts

Specializes in Critical Care.

At least in my state being the designated POA doesn't actually get you access to the patient's records. The POA only gets access when your power as POA is activated, which only occurs when the patient becomes unable to make their own decisions. Accessing someone else's records while they are still their own decision maker is a completely different process and requires separate written authorization from the patient, POA paperwork can't be used in place of that authorization.

klone, MSN, RN

14,786 Posts

Specializes in OB-Gyn/Primary Care/Ambulatory Leadership.

It totally depends on your facility's policies. It may not be a HIPAA violation, but it may be in violation of your hospital's policy on accessing records of family members. Even if you legally have the right, you still have to go through proper channels (i.e. Through your medical records department)

jadelpn, LPN, EMT-B

9 Articles; 4,800 Posts

Good rule of thumb--don't ever access any medical record for yourself or a family member--because the only way you have access is that the facility allows you to have the ability to complete your job duties by accessing the EMR.

Anything other than in the course of your patient load is unauthorized access.

As POA, and I would consult the attorney who drew up that paperwork, and your mother is unable to consent, you could go through the channels needed for her complete medical record. It also requires an MD to state that your mother is unable to consent, and it is in the record as such. There is no proof that she was ever deemed incompetent to make decisions (unless there is, however, still you need to go through correct channels.) But now that your mother is better, (and thank goodness!!) she can decide what to tell other people, make choices, etc. And she may decide for herself that she wants/doesn't want a DNR, but will have that conversation with her MD. (and you, being her voice when she doesn't have one, should try to abide by that....story for another thread, however...)

POA is different than a health care proxy, and someone can be both.

But back on topic, you would not have the access you did unless you are employed by the facility. POA or not.

Specializes in Cardiac, ER.

My hospital doesn't allow access to any records but our own, without going through med records,....including our minor childrens records! I learned the hard way! Looking up my childs strep screen results didn't violate HIPAA, but it did violate hospital policy.

+ Add a Comment