Student HIPAA violation question - page 4

by studnt

4,943 Views | 31 Comments

In my externship at a large clinic, I needed to have my immunizations up-to-date. I was told my MMR was not and could not be found anywhere in the registry. I had my blood drawn at another clinic to see if I was immune. They...


  1. 0
    I read this article. As one of my favorite lines from The Princess Bride states, "I don't think that means what you think it means."

    It is not about HIPAA forbidding you to read your own records (because HIPAA doesn't do that). It's legal opinion advising covered entities to be sure that their record-keeping protocols are HIPAA-compliant, in that records are not easily accessible without going through protocols to document access. It says that if you ask staff and discover that some of them are accessing their own records, it is a red flag that the system is not as secure as it ought to be and could invite audit to see that practices are HIPAA-compliant. It does NOT say that staff accessing their own records is a HIPAA violation.

    Here's the text from that blog post:
    For those of you working in medical practices, your own medical record is sometimes only a few clicks or a few steps away. But be careful. Easy access shouldn’t translate to open access.
    “Under HIPAA everybody is supposed to have access only to the minimal necessary to do their job,” Practice Notes blogger and Illinois-based attorney Ericka L. Adler told Physicians Practice. “You’re not your own doctor obviously, so just because you work somewhere doesn’t mean you should be able to access your own medical records.”
    In addition, while every patient has a right to his or her own record, that doesn’t mean any patient (including a practice employee or physician) should bypass the HIPAA patient record-related protocols that should be in place at all practices, Steven Kabler, an attorney at Denver-based Jones & Keller told Physicians Practice.
    “What happens is under HIPAA there are a number of regulations that deal with the security of medical records,” he said. For instance, covered entities must ensure the confidentiality of all health information they receive, and they must enact procedures and policies to keep that information secure.
    “To protect the integrity of the medical records and to protect the confidentiality, a healthcare provider should go through the procedures that a patient would go through in order to access their record,” said Kabler.
    At a minimum, Kabler recommends these procedures include a requirement that all patients (even those who work at the practice) either sign a release or submit a written request for their records when they wish to view them. That way, providers can document who has viewed the records and what they have viewed.
    Even in smaller practices where the atmosphere is open and laid back, it’s important that staff members and physicians follow strict guidelines when it comes to accessing their own records, said Adler. “There’s a slippery slope [toward HIPAA violations] and right now they’re really enforcing HIPAA, and these are the kinds of things that get practices into trouble.”
    For instance, if a staff member can easily access any records, including her own, that means the necessary HIPAA procedures are not adhered to at the practice, said Adler. “It’s getting more and more likely a practice could be audited for its HIPAA practices and policies,” she said, noting that compliance is key.
    Other HIPAA-related problems could arise if staff members are questioned about HIPAA policies and it comes to light that they are able to look at their own records. It “invites scrutiny,” said Adler, noting that an employee looking up his own medical record, “may not necessarily be the initial reason for a HIPAA audit/investigation, but could lead to problems.”
    Beyond HIPAA violations, when staff members or physicians freely access their own records it raises other issues. For instance, an employee or physician who views his record might alter it. Or, if the physician who is treating the employee knows the employee is freely accessing his own record, the physician may have difficulty providing an honest assessment of the employee (patient) in the record, said Adler.
    Kabler advises practices specifically address this issue with staff members, noting that HIPAA requires covered entities to make staff members aware of record procedures.
    “It always makes sense to have that [employees and physicians not having open access to their own records] as a written policy,” he said. “You absolutely need to make staff and employees aware of it.”
    - See more at: HIPAA Compliance: Access to Practice Staff Medical Records | Physicians Practice
  2. 1
    The link above is a great resource and is an interesting article....the site requires registration but it is free!!!! This article addresses private practices, which are similar to large facilities in requirements but have slight variations in compliance.

    If a staff member can easily access any records, including her own, that means the necessary HIPAA procedures are not adhered to at the practice, said Adler. “It’s getting more and more likely a practice could be audited for its HIPAA practices and policies,” she said, noting that compliance is key.

    Other HIPAA-related problems could arise if staff members are questioned about HIPAA policies and it comes to light that they are able to look at their own records. It “invites scrutiny,” said Adler, noting that an employee looking up his own medical record, “may not necessarily be the initial reason for a HIPAA audit/investigation, but could lead to problems.”
    Kabler advises practices specifically address this issue with staff members, noting that HIPAA requires covered entities to make staff members aware of record procedures.

    “It always makes sense to have that [employees and physicians not having open access to their own records] as a written policy,” he said. “You absolutely need to make staff and employees aware of it.”

    You may view your own record according to HIPAA......not making an employee adhere to the same principles as everyone else to gain access conveys a lack of compliance/control and brings the practice under scrutiny and ethical accuracy.
    Last edit by Esme12 on Feb 28, '13