Are any of the following considered HIPAA violation?

Nurses HIPAA

Updated:   Published

Specializes in Med/Surg-Tele-Oncology.

1. A family member of a patient admitted in the hospital came into your unit and ask you to look up the patient's location because the family member has no clue what room/unit the patient is being admitted to. In order to search the location you have to enter the name and DOB of the patient for the system to generate a list of all of the patient's current & past locations.

2. A family member of your patient asks you to print out the lab results/medication lists of the patient. The print-out has your name on it.

3. You are expecting an admission from ER and you were given the name and medical record number of the patient. You access the chart to see what the patient is here for.

4. You are covering for your colleague and a family member of her patients asked you to look up lab value for her.

I've done all of the above but now I beginning to wonder if I have violated HIPAA in doing so?

Up Vote Up Vote ×
Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.

Homework? Tell us what your ideas are, and then we can talk. 
if you’re not a student, then what do you think now? Why? 

3
Up Vote Up Vote ×
On 5/5/2021 at 6:27 PM, Hannahbanana said:

Homework? Tell us what your ideas are, and then we can talk. 
if you’re not a student, then what do you think now? Why? 

I agree that these are very specific questions other than just being curious... but question 1 has me a bit tickled by the wording that a family member comes to the unit to question about their loved one because they have no idea about what unit their family member is on.  Has me envisioning a person wandering from unit to unit - floor to floor just asking anyone "hey do you know where my family member is?"  LOL

Chem0ninja - every scenario listed may not may not be a violation.... and I will agree with Hannahbanan's premise as a learning exercise either for you or anyone reading - if you will start by discussing what you believe for each then other members can help out. 

1
Up Vote Up Vote ×
Specializes in Psych, Corrections, Med-Surg, Ambulatory.

Think through each scenario and ask yourself why wouldn't you comply with such requests.

Hint:  pretend you're the patient.  Is there any reason you wouldn't want your nurse to comply with any of the listed requests?

1
Up Vote Up Vote ×
Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.

OK, then .

1. You can’t do that. Even confirming that someone is (or was) in the hospital at all is a HIPAA violation because it’s a release of private health information. You say, “I cannot release that information.” No “I’m sorry,” no waffling, just a broken record, “I can’t release that information.”

2. Absolutely not. If the person is already listed on the patient’s signed list of people to whom PHI can be given, or has legal guardianship or qualifies for a preexisting POA (and a POA is only active if and when the patient is determined to be unable to speak for himself, not just because it exists; it’s a PRN thing), you can discuss. The printout belongs to the hospital. 

3. Depends on hospital policy. Most will say that’s not your information to access until you accept the patient at a formal handoff. 

4. No. See #1; the patient’s nurse can deal c the family or whoever they are when break is over.

Up Vote Up Vote ×
Specializes in retired LTC.

I must be slipping - didn't think homework when this first posted!

Up Vote Up Vote ×

My answers:

1. This would not violate HIPAA. See here. Follow your hospital's related policies.

2. Direct the individual to the process for obtaining medical records. Follow related hospital policies.

3. Follow hospital policy. Strictly speaking there is no HIPAA violation here. [As opposed to a situation where people are randomly perusing the ED tracker board/patient charts to see if there are any patients whose situations might look like they might need to be admitted and might come to your unit.]

4. Assuming I had the time, I would handle this the same as if it were my own patient - it would depend upon whether the individual is authorized to have the information or not. And....follow hospital policies. 

??

2
Up Vote Up Vote ×
Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.

1. The HIPAA rule about disclosing location, general nonspecific info, etc., is predicated on the patients permission. In full:

Does the HIPAA Privacy Rule permit hospitals and other health care facilities to inform visitors or callers about a patient’s location in the facility and general condition? 

Answer:

Yes. Covered hospitals and other covered health care providers can use a facility directory to inform visitors or callers about a patient’s location in the facility and general condition. The Privacy Rule permits a covered hospital or other covered health care provider to maintain in a directory certain information about patients – patient name, location in the facility, health condition expressed in general terms that does not communicate specific medical information about the individual, and religious affiliation. The patient must be informed about the information to be included in the directory, and to whom the information may be released, and must have the opportunity to restrict the information or to whom it is disclosed, or opt out of being included in the directory. The patient may be informed, and make his or her preferences known, orally or in writing. The facility may provide the appropriate directory information – except for religious affiliation – to anyone who asks for the patient by name. Religious affiliation may be disclosed to members of the clergy, who are given additional access to directory information under the Rule. (See other FAQs at this site by searching on the term “clergy”.)

Even when, due to emergency treatment circumstances or incapacity, the patient has not been provided an opportunity to express his or her preference about how, or if, the information may be disclosed, directory information about the patient may still be made available if doing so is in the individual’s best interest as determined in the professional judgment of the provider, and would not be inconsistent with any known preference previously expressed by the individual. In these cases, as soon as practicable, the covered health care provider must inform the patient about the directory and provide the patient an opportunity to express his or her preference about how, or if, the information may be disclosed. See 45 CFR 164.510(a).

2. Interestingly, one of the big concepts to remember in NCLEX (!) is that they want to know what the nurse should do. They don’t want to hear you answer, “Turf to chaplain / dietary / whatever,” no. So my first answer would be, “No, I can’t give you that,” if the patient has not put this person on the list of people permitted to get this info, if they are not a legal guardian, or if the conditions for POA are not met. If those disclosure permissions are in effect, only then do you follow up by telling them to go to medical records, because you cannot help them. 
 

4. I’d still ask them to speak to the patient’s nurse when she returns from break. Why? Because there’s a chance they are not allowed this info, have already been turned down, and are hoping you don’t know that. ( The old, “If mom says no, ask dad” approach.)

Interesting discussion. 

1
Up Vote Up Vote ×
39 minutes ago, Hannahbanana said:

1. The HIPAA rule about disclosing location, general nonspecific info, etc., is predicated on the patients permission. In full:

Yes. This is obtained at admission/arrival.  If it is not obtained (pt declines to participate in facility directory) then that should be noted when the name is searched. Same thing that would happen at reception desk. The info is not given if the patient has not participated in the directory. Follow hospital policies including understanding how to know who has/hasn't participated in the directory. Etc.

 

Up Vote Up Vote ×
Specializes in Med/Surg-Tele-Oncology.
On 5/5/2021 at 7:27 PM, Hannahbanana said:

Homework? Tell us what your ideas are, and then we can talk. 
if you’re not a student, then what do you think now? Why? 

Sorry for the late response. These are not homework questions. These are scenarios that had happen and still happen frequently in my unit. I did all of them because I didn't think these are HIPAA violation. But after reading some HIPAA posts under the HIPAA discussion posts I started to have second thought of my reaction to these scenarios and wondered if I have actually been violating HIPAA without being aware of it. If so it would be a shame since I've been a nurse for some years now :T

Up Vote Up Vote ×
Specializes in Med/Surg-Tele-Oncology.
On 5/7/2021 at 11:19 AM, 203bravo said:

I agree that these are very specific questions other than just being curious... but question 1 has me a bit tickled by the wording that a family member comes to the unit to question about their loved one because they have no idea about what unit their family member is on.  Has me envisioning a person wandering from unit to unit - floor to floor just asking anyone "hey do you know where my family member is?"  LOL

Chem0ninja - every scenario listed may not may not be a violation.... and I will agree with Hannahbanan's premise as a learning exercise either for you or anyone reading - if you will start by discussing what you believe for each then other members can help out. 

#1 actually happens most frequently in my hospital. We have security guards in the lobby that basically don't do anything. When visitors come to look for a patient the security guard only tell them what floor that patient is located at without telling them specific unit and room number. There are four different units in one floor with three different elevator, one of the elevator opens directly to the main nursing station in my unit so almost on a daily basis we have visitor comming up to us asking to help them locate a patient. 

Up Vote Up Vote ×
Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.
6 minutes ago, Chem0ninja said:

I did all of them because I didn't think these are HIPAA violation. But after reading some HIPAA posts under the HIPAA discussion posts I started to have second thought of my reaction to these scenarios and wondered if I have actually been violating HIPAA without being aware of it. If so it would be a shame since I've been a nurse for some years now :T

Oh, heck, you’re not the only one. 
We do the best we can. When we know better, we do better (paraphrasing Maya Angelou). Go forth. 

Up Vote Up Vote ×
+ Add a Comment