Published Jun 6, 2014
virgo7598
140 Posts
My friend works at a clinic and was emailing me today from her work email. In one message, she mentioned how she had just dealt with this man and his wife who wanted to make a consultation appointment and gave her a hard time (they are not patients at the clinic right now, but are in the system). She didn't mention names or anything, but at the end she did say how the wife's "godparents were the founders or something"
I mentioned how I probably shouldn't know that and now she's freaking out thinking she violated HIPAA and is afraid they'll find out because it was on her work email.
Did she violate HIPAA? If she did, what are the chances her work will find out?
JustBeachyNurse, LPN
13,957 Posts
Her bigger issue may be using work email for personal communication.
Privacy/patient confidentiality and company policy were likely violated. It's borderline HIPAA if you happen to know who the goddaughter of the company founders are...
HIPAA requires patient identifiers to be protected: name, date of birth, address, and other identifying information
Discussing issues at work with a non-employee via company email likely violates company policy. Some companies run scanner bots on company email looking for data or information breaches. I worked in contract pharmaceutical research and it was made abundantly clear that no personal, non work-related communications sent via the company email were to be considered private and the company had every right to review any and all communication sent via the company email account. All servers were backed up so deleting was useless once the send button was hit...
Her bigger issue may be using work email for personal communication. Privacy/patient confidentiality and company policy were likely violated. It's borderline HIPAA if you happen to know who the goddaughter of the company founders are...HIPAA requires patient identifiers to be protected: name, date of birth, address, and other identifying information Discussing issues at work with a non-employee via company email likely violates company policy. Some companies run scanner bots on company email looking for data or information breaches. I worked in contract pharmaceutical research and it was made abundantly clear that no personal, non work-related communications sent via the company email were to be considered private and the company had every right to review any and all communication sent via the company email account. All servers were backed up so deleting was useless once the send button was hit...
Turns out they're not even the founders, apparently they're the donors of the clinic who's name is on the building.
And IDK I think she's worked there for a few months and has emailed me before. She hasn't been caught yet so I hope she won't get in trouble :/
Caught yet.... She shouldn't be so sure that she hasn't or won't be caught. She may not find out until disciplinary action
nurseprnRN, BSN, RN
1 Article; 5,116 Posts
I had something HIPAA-ish happen just last week. I picked up a voicemail of a call from a local provider office confirming an appointment with Dr. Mumblemumble for next Tuesday at 2pm. No patient name, no number to call back and I never heard of this doc, but I thought the office ought to know that the appt was not, in fact, confirmed so they could look in the book to see whose appt it was for Tuesday at 2pm and call that person. I looked up the doc name and found he was a psychiatrist, so contacting the patient would have been doubly important in my opinion.
So I called the office and told them what had happened, and the person who called me said, "So you aren't 'Jane Smith' ?"
I said, "OK, look, I am a nurse who's just trying to be helpful. And you have just revealed the name of a patient who has an appointment with a psychiatrist to someone who had no business knowing that. This is a HIPAA violation, you know that, right?"
She got flustered and after awhile said yes, she guessed she knew that.
I said, "OK, now, please be more careful and don't ever do that again. Because I'm bad with names I won't remember 'Jane's' name, and I won't report you. But this is a serious matter, someone else might not be so understanding, and your doc's practice could be in for a world of hurt because of what you did."
Sometimes people just do not think this is important enough to have it in the forefront of their thinking. Hope your friend doesn't get fired...but she might.
OCNRN63, RN
5,978 Posts
Turns out they're not even the founders, apparently they're the donors of the clinic who's name is on the building. And IDK I think she's worked there for a few months and has emailed me before. She hasn't been caught yet so I hope she won't get in trouble :/
Work is for work, not personal emails. If an employee needs to email someone about something unrelated to work, wait till lunch break and use a personal phone.
caliotter3
38,333 Posts
What is she doing wasting work time on personal matters anyway? Now that the two of you have discussed this, she should stop the practice immediately, mentally prepare herself for the day she gets hauled into the office to account for past behavior, and she might even consider looking for a new job, so she can leave before any future discovery and consequences. She will probably now lose sleep over this.