So what is a Hipaa violation, anyway?

I remember the time on an elevator at work in which a couple of nurses were discussing a patient from my floor who died during a procedure (I was not one of them---they were from the procedure room). There were the 3 of us and a male, non-nurse on the elevator. By the time I returned to my floor the male was at the nurses' station making a very loud verbal complaint....the deceased patient was his in-law, and while he knew about the death, he was rightfully upset to overhear the death being discussed on the elevator. I never forgot that and avoided discussing patients anywhere outside of the floor.

That's terrible for him! I can't imagine what it would be like to hear someone discussing my family members death right after the fact.

It's true that it's really hard to communicate outside of the hospital about anything. For five years, I experienced the difficulties of trying to not communicate about work with my friends, which is hard because hey talk so much about their jobs. But my hospital recently implemented something called a HIPAA compliant messaging platform which helps us a little more in communicating with each other outside. The one we use is called qliqsoft

I am SO frightened by Hipaa, and rightfully so! I'm neurotic about never, ever mentioning anything about patients to anyone that doesn't need to know; but recently I think I overstepped my bounds, so your post and the others' responses help me.

Here's my issue: I recently met a patient who came in with a bad physical injury that shattered him, emotionally. I had him on my mind a LOT since I saw him. Recently, in my family's home, I share with them that a patient -- I didn't use his name, or anything else to id him but did identify him as "a guy" -- came in with this general injury. I didn't say anything else, but immediately thought, "oh NO -- I shouldn't have said anything!" I'm so afraid that I've disclosed confidential information now, just by stating that a guy with this general injury came in to our facility. My family has no connection to the facility, but still...I think (I HOPE) I've learned my lesson. Still mulling over whether to discuss this with my director...sigh

I would like to know if a medical assistant approached a patient in exam room and asked the patient if there is an issue between them. The medical assistant felt as if the patient was upset with her. The patient replies "yes, there's an issue" and begins to explain what the "issues" are. The medical assistant did not apologize or recognize the issues/mistakes that had taken place which caused the patient to be upset.

After the "encounter", medical assistant leaves the room, goes to the front area of the office, where two other medical assistants and receptionist sit, and proceeds to tell them what was said between the patient and medical assistant. Is that a HIPAA violation? What goes on behind closed doors should stay behind closed doors.

Another instance was the patient did not want a chaperone in the room when an exam was done. Doctor accommodated this due to their trust/relationship. The instruments/testing supplies were not set up. Doctor told the patient that the medical assistant would return to set up and he would be back in. Medical assistant did not return. Doctor walked in with the instruments/testing kits. He told the medical assistant that patient did not want her in the room. However, the patient did not specifically say a name, she just did not want anyone else in the room. Doctor did not relay that part to the medical assistant. Medical assistant goes to the front again, where the others were and said "patient did not want her in the room" during the exam. Again, is that a HIPAA violation? It's no one else's business that the patient didn't want anyone in the room. Doctor could have just said "I will handle this exam on my own".

I have seen where assistants have left the computer up with names of patients in the room for anyone to see. Assistants talk about other patients, when patients are sitting in the waiting room. Assistants call patients back giving results when other patients can hear them. Other patients hearing the information (yes, names, results, etc.) is a form of HIPAA.

What about with this new EHR's ... hospitals are owning more and more physician practices. If a patient goes to one hospital owned doctor (say an OBGYN) and 8 months later goes to an internal medicine doctor, should the patients info from the OBGYN show on the internal medicine doctor's EHR? Or the patient's portal. I understand the ease of communicating medical records from one doctor to another, but for medical information just to appear is an invasion of privacy. Patient should authorized when to release medical records.

Two both comments from RoseQueen and Esme12 - Thank you. Thank you for commenting.

You both made a comment if i was the patient. Answer - Yes I was. I started losing trust with the 5 year medical assistant about 4 years ago when she almos gave my daughter the wrong shot. My daughter goes in for her 2nd gardacil and the medical assistant "wiped her arm - pulled the cap of the needle and said "you are here for your birth control". My daughter was smart enough to say "no, I'm here for my gardacil shot". The MA put the cap back on needle and said "oh - I will be right back". She left the room and returned with gardacil. No apology, nothing. She just continued. Another mistake was I asked her spcifically that I wanted the MD to do the TB test on my son. She agreed. After the appointment, my son called and was telling me about the appointment and said that Kathy did the TB test. I said "what". That was it. I waited to say anything. But it was only two weeks later when I had to email the MA telling her not to send me test results through email. I only want to hear my results from my doctor. I went on to tell her that I told you this before and you seemed to understand the reasoning why. REason being, you dont know the answers to our questions and when we can ask the doctor, he will answer. Keep in mind this is a concierge practice, so we have him 24/7. Anyway made the comment that I was upset with her from a few weeks ago in regards to performing the TB test on my son when I specificaly ask for the doctor to do it. She said "I was only doing what I was told". I asked her "are you saying, the doctor specifically asked you to do the TB test on my son". She said "no". THen she said "we were busy and behind so I took care of it" I said "you were not busy or behind, my son had the first appointment plus it's a non-hurried office, no one should feel rushed, She just did it to throw her authority over the patient. There were other problems in calling in incorrect dosages to meds and incorrect meds. BUt, the final thing that sent me over the edge and my trust in her was gone, she answer questions over the phone for a prior authorization for a med that I needed. I found out later she knew she answered the qeustions incorrectly, but didn't say anyting. I made contact daily asking the office if they heard anything. Receptionist sad that the MD completed one and sent it in. That Saturday, I received my first denial. The denial letter didnt make sense, it was conradicting what the doctor completed on the form. Long story short --- it took 2 months and 3 appears to get presription approved. I was told it was always being denied due to what Kathy answered over the phone day one. they never looked at my doctor's completion of the form. After those incendents (which there still were others) - I kept cool -- talked only when I needed to. I was there for some pretesting, ekg, vision, hearing, etc. I actually had the appt a week earlier at 8:30am. She never showed up until 9:05, but the doctor called me back for my labs (as he draws my labs) ... Anyway --- a week later, I was back for my physical, but 30 minutes earlier for the pretesting. She took me back to the room and as we were walking in she said "I'm so glad you came back for the testing. I replied "I needed them done". Then she said "I feel there is an issue between us. Our friendship isn't the same. Is there an issue? I said "yes and I let her know the issues above, She did not say anything. She did not say "I'm sorry, I knew I was acting that way, or I'm sorry, I'm trying to do better, etc. Nothing.. she didn't say anything. She did not own up to her mistakes. She didn't remember the shot incident, but she did say "we have to verify all shots". I said "I know, but before they come for the appointments and prior to giving it, not after you wiped arm and removed the needle cap. She doensn't remember this incident. When I asked her about the TB test for the MD to take care of .. she again said "we were busy and behind". AGain I told her this is an unhurried off and luke was the first patient. On time -- office was not behind. So don't give me that crap. As far as answering the prior authorization incorrectly --no apology. I told her that if she did not know the answers, she needed to put the insurance on hold to get the doctor or ask for the form for him to complete. You don't know me -- i don' tell you my situation -- i only talk with my doctor. After all this, her last words to me were "i thought there was an issue and left the room". She went right to the front and told the receptionist and two other MA's. To me that was a privat conversation behind closed doors.

Same situation took place a few weeks later when I didn't want anyone in the room with my doctor for my exam. If I was him, I would have told her "I can handle this - no help needed", but I'm sure he said "she doens't want you in there". The thing is .. I didn't want anyone in the room, I never gave a specific name. For years I neer had anyone in the room for the different doctor's I went to and my doctor already agreed due to our trust relationship, he would honor. AGain, she goes in front and tells the others that I did not want her in the room. I just think there is a form of privacy issues.

I understand the ease of having records available for MDs and to send the info vial email, but I dont like the fact that information just appears in regards to different doctors notes. I'm all for sharing the info when the patient AUTHORIZES it, but I dont think the OBGYN needs to know what the Internal medicine doctor noted (in this case it was a cancellation appt) - never saw the doctor. Both doctors are under one hospital association, but one appt took place in 2012 and the other one lasl friday. Again the sharing of medical records is okay, but only when I say it is ... not for it just to be there. The one lady said "we never look at other info, only what pertains to us. it shouldn't appear at all then if they don't look at it. The funny thing is -- the PCP provider they had listed is a doctor that is a thorasic surgeon who i have never seen. i know him, but never went to him as a doctor. there is another doctor's name in a drop down box to send messages that I also have never seen. yet all these people could access my records without my permission. I would like control over my records, maybe I only want my last set of labs to be sent -- not the last 5 years of labs. Something needs to be done .. it's an invasion of our privacy. They kept saying it's for better care for the patient. on a side note, how about if I wanted to get a 2nd or 3rd opinion. I would not want the obgyn to see that I went to two other doctors . I would not want to hur his feelings. SOmetimes a second/third opinion is more comforting to the patient knowing they will do the right thing. but that info does not need to be seen or shared.

Again the sharing of medical records is okay, but only when I say it is ... not for it just to be there. The one lady said "we never look at other info, only what pertains to us. it shouldn't appear at all then if they don't look at it. ... yet all these people could access my records without my permission. I would like control over my records, maybe I only want my last set of labs to be sent -- not the last 5 years of labs. Something needs to be done .. it's an invasion of our privacy.

I realize this is an old post and hayest is no longer active on the site but I just can't stop myself:

First of all, nobody's "feelings" are getting hurt over you wanting a second opinion. The healthcare workers that take care of you are professionals and this is their JOB....they are not your BFF, and they aren't going to cry themselves to sleep over anything that you do or say. This is a job.

Secondly, as a hospital RN, I have "access" to the medical records of THOUSANDS of patients through our EMR system. I can look at labs, doctors notes, social work notes, medications, everything. And yet I only look up the info that I need to do my job, and ONLY on the patients that I need to know it about.

Now, maybe hayest doesn't have the integrity to not snoop through all those other records for no reason, but medical professionals generally do (and you probably aren't interesting enough to snoop on anyway). Hayest, if you can't trust your medical providers that much, then I welcome you to take control of your medical records by staying home and taking care of yourself.