Can chart audits be a HIPAA violation?

Updated:   Published

Specializes in Combat medicine, inpatient medicine, and LTC.

My unit management has just recently introduced pain audits that staff nurses must complete. Each nurse must complete 3 pain audits on any 3 patients in our unit each month. The patient must NOT be your own patient.

This requires nurses to open patient charts to review the patient's medication record, care plan, vital signs, pain assessments, etc. It's important to note that upon opening the patient's chart, you are greeted with a cover sheet that lists allergies, diagnoses, immunizations, and appointment history.

Now, this sounds like a clear HIPAA violation in my head, however, I believe management believes this is okay given that they are chart audits. I know I would be upset if I was hospitalized at this hospital and every nurse was opening my chart.

TIA

Specializes in CEN, Firefighter/Paramedic.

Quality improvement is a clearly stated exemption from HIPAA

Specializes in PICU.

Not a HIPAA violation

Specializes in OR, Nursing Professional Development.

Let's go for concrete evidence instead of "Now, this sounds like a clear HIPAA violation in my head,” What statute within HIPAA do you think would make this a violation? What statute(s) would make this an authorized use of the chart?

I'm not asking to be mean or anything, but because a lot of people misunderstand HIPAA and what is or isn't permissible - it's amazing how eye opening actually looking into the text of the act can be. 

I would just add that with things being what they are, I would make sure you understand the correct/accepted way to indicate in the EMR your reasoning for opening the particular charts  you audit. 
 

Otherwise agree with the above. 

Specializes in orthopedic/trauma, Informatics, diabetes.

Not a HIPAA violation. I used to do a lot of hypoglycemic audits at my last job and there was a pop-up about the chart and one of the options was "chart review" Same for doing CAUTI prevention audits

Specializes in oncology.
Quote

Each nurse must complete 3 pain audits on any 3 patients in our unit each month. The patient must NOT be your own patient.

This looks like  drug seeker/user/theft activity monitoring and more so an administer monitoring  activity. You KNOW they are looking patterns. . It is their job (with out getting their hands dirty) and facility. If you find discrepancies'  the administers will direct that you are accusatory and  are at fault for the  data .  Get out of there...there is an internal problem

Specializes in Psych, Addictions, SOL (Student of Life).

No, This is not a HIPAA violation because the nurse doing the audits is assigned to those charts/patients  therefore remain a covered entity.

londonflo said:

This looks like  drug seeker/user/theft activity monitoring and more so an administer monitoring  activity. You KNOW they are looking patterns. . It is their job (with out getting their hands dirty) and facility. If you find discrepancies'  the administers will direct that you are accusatory and  are at fault for the  data .  Get out of there...there is an internal problem

No, it's for compliance to CMS and JCAHO standards. 

Specializes in oncology.
Quote

My unit management has just recently introduced pain audits 

This sounds like an activity for the DON or assistant DON.  As they are RNs they have the skill, knowledge and attitude to do this. Unless it was in my job description to evaluate (and enforce results of my findings) I think weak leadership is going on. 

What if "A" auditor finds no complaints of pain, no vital signs indicating pain and in fact  there was NO PAIN ASSESSMENT done prior to the administration of pain medication! Is "P" at fault for giving pain medication?  

I have metal from a hip pining in my leg. Last night that hip hurt horrible. I told my husband I was going to take ibuprofen because I just knew it was going to snow. Guess what, it did! Barometric pressure has a lot to do with aches and pains....is that on the pain assessment tool?  An RN told me that she also had lots of requests for acetaminophen before a storm.

Quote

 review the patient's medication record, care plan, vital signs, pain assessments,

 

Specializes in PICU.
londonflo said:

This looks like  drug seeker/user/theft activity monitoring and more so an administer monitoring  activity. You KNOW they are looking patterns. . It is their job (with out getting their hands dirty) and facility. If you find discrepancies'  the administers will direct that you are accusatory and  are at fault for the  data .  Get out of there...there is an internal problem

In order to be compliant with many governing bodies such as CMS, JCAHO, Dept of health, audits need to be done. When DOH comes to facilities they want to see how often is pain documented, if Tylenol or other meds are given that a pain reassessment is done, and that we are caring for patients and addressing pain needs.

All staff have the responsibility for audits.  By not doing your own patients you are ensuring that fair documentation and compliance is done.

Specializes in Vents, Telemetry, Home Care, Home infusion.

Always good to go to the healthcare law to confirm whats permissible.

HHS: Understanding Some of HIPAA's Permitted Uses and Disclosures

Quote

Permitted Uses and Disclosures: Exchange for Health Care Operations45 Code of Federal Regulations (CFR) 164.506(c)(4)

•Conducting quality assessment and improvement activities
•Developing clinical guidelines
•Conducting patient safety activities as defined in applicable regulations
•Conducting population-based activities relating to improving health or reducing health care cost
•Developing protocols
•Conducting case management and care coordination (including care planning)
•Contacting health care providers and patients with information about treatment alternatives
•Reviewing qualifications of health care professionals
•Evaluating performance of health care providers and/or health plans
•Conducting training programs or credentialing activities
•Supporting fraud and abuse detection and compliance programs

I've done chart audits since the 90's in hospital and home healthcare settings, much easier with electronic medical records now. Often QA/your would give us list of client names to review those charts for pain management, skin assessment done on admission, wound care protocol followed, surgical consents signed timely, infection control, etc --whatever regulatory agency interested in that month/quarter.

+ Join the Discussion