Did I violate HIPAA?

Published

I'm a junior nursing student. I was chatting with another nursing student on the med-surg unit and we wondered if it was possible to look up psychiatric patients (we are both interested in mental health nursing). So I went to the patient list of the psychiatric unit. I clicked on a patient, then a little warning popped up saying "if you access this chart, you might be audited etc etc". So of course, I pressed cancel and didn't go to the chart.

Obviously, after perusing this website, I would never do such a thing again -- I just wanted to learn about mental health nursing and our clinical instructor has had us look up pt's on other units in the past so I didn't think much of it. Never again...

Summary: I accessed the psychiatric unit patient list in the EMR while on a different unit. I did not go into any specific chart of a patient. I only saw the patient list. Is this a punishable action if I were to be "caught" by an auditor?

I think this is a very thin line. As an employee nurse, bringing up another patients chart with no acceptable reason, of which there are few, would be a violation of privacy. As a student, your intentions were to learn. I still have a gut feeling it would be seen as inappropriate, obviously as you did after that prompt. I think you did the right thing :)

In the spirit of learning though, maybe you could ask your clinical instructor to take you on a tour of the unit or arrange for another nurse precepting on that floor to give you a tour? Maybe in that setting it would be more appropriate for them to show you some charts and let you go through them.

Thanks so much. I can't fall asleep because I'm so worried about it. It just didn't occur to me at the time that it was sort of a violation... like you said, my intention was to learn and I was in learning-mode. It sounds like I probably won't get kicked out of clinical for it. Thanks :)

Specializes in Critical Care, ED, Cath lab, CTPAC,Trauma.

Technically if you did not click into the patient record itself you have not violated HIPAA. I would think about talking with your clinical instructor....but yes if you went into the record it can have you dismissed from the program

Specializes in ER, ICU.

The entire point of HIPAA is to keep people who have no legitimate reason to be in the record, out. Being a student and wanting to learn is admirable, but simply not sufficient reason to go into a chart. It is a barrier to learning, yes, but privacy comes with a cost. Unless you are required to go into a chart for patient care, stay out. Since you heeded the warning and did not enter, you should be fine.

HIPAA allows for medical chart contents to be used for education purposes, but this is supposed to be a controlled process. This means your instructor or preceptor can share them with you as part of your education, and assure that you are properly supervised (don't take copies, etc.) and fully aware of your responsibility not to let the information go any further. This does not mean your instructor can say, "OK, sure, click on all the charts you're curious about," or that you can take it upon yourself to go tooling around in an EMR database, though.

Get some sleep now, you're OK. You might want to recommend that your faculty take three minutes at the beginning of the next class lecture to reinforce all this, now that it's more meaningful to everyone.

Specializes in Emergency, Telemetry, Transplant.
Technically if you did not click into the patient record itself you have not violated HIPAA.

First, OP, let me say that I think you are "in the clear" since you did not open a chart. However, to other folks in the discussion, could this not be a HIPAA violation just by seeing the names of pts. on the psychiatric ward? Again, I don't think the OP has much to worry about, but would this still not be a violation (sorry, need to play devil's advocate here).

Specializes in ER, ICU.
First, OP, let me say that I think you are "in the clear" since you did not open a chart. However, to other folks in the discussion, could this not be a HIPAA violation just by seeing the names of pts. on the psychiatric ward? Again, I don't think the OP has much to worry about, but would this still not be a violation (sorry, need to play devil's advocate here).

No it is not. The hospital directory, or list of patients, is not protected. Patients are asked on admission if they want to be listed, and they may opt out. In that case, their name is either not listed, or marked as private. But, most people are listed. So if I call the hospital asking about a patient, they can tell me; their general condition (critical, stable), the fact that they are a patient, and where in hospital they are (which unit) (unless they opt out of course). But, any more information than that is protected.

In Illinois the Mental Health Code prohibits giving out any information about a psych patient. Cannot acknowledge whether or not someone is even a patient, let alone give any info about condition unless there is a signed release for the person seeking information in the chart. So yes, just to see the list of names is a privacy violation, even if not a HIPAA violation. I'm surprised you could even access this list, as it is restricted in most databases.

Thanks for the feedback, everyone. One main question is whether visiting unit census pages even comes up in their auditing software. But it sounds like even if it does become apparent to the auditors that I visited the psychiatric patient census page, it won't be a true HIPAA violation and I won't get kicked from clinical.

It's certainly a wake-up call though -- I don't see myself as the type of person who would do something really stupid like post a patient's info on Facebook or take a picture with a patient, and yet I'm having this "close call" HIPAA situation. It goes to show that students who are not used to the intensity of health care privacy laws need to never stop actively preventing themselves from violating HIPAA.

Specializes in retired LTC.

Even BEFORE HIPAA there were strict rules & regs regarding psych pts and their privacy, much, much more stringent than the general medically hospitalized population. Being a psych pt had the connotation of the pt having "problems" and they were NOT looked upon favorably.

Even today, much of the misinformation re psych permeates over into general society, so it is little wonder that facilities so aggressively guard pts' privacy.

Hopefully all will work out well with you as you've learned a critical lesson.

Specializes in NICU, PICU, Transport, L&D, Hospice.
First, OP, let me say that I think you are "in the clear" since you did not open a chart. However, to other folks in the discussion, could this not be a HIPAA violation just by seeing the names of pts. on the psychiatric ward? Again, I don't think the OP has much to worry about, but would this still not be a violation (sorry, need to play devil's advocate here).

The patient list of the psychiatric inpatient units are generally protected because of the social stigma attached to that illness. In some facilities merely accessing that patient list without verifiable need/cause could put your job in jeopardy.

+ Join the Discussion