Epic HIPAA violation

No. This is one of the dumber things that I have ever heard someone do in healthcare and it is highly unlikely that your friend will keep their job. Their license could easily be in jeopardy as well. Sorry I don't really have anything all that nice or supportive to say. I hope this person is able to find another job and learns from the situation. 

I know you want to help your friend but personally, I would distance myself ASAP!  An investigator may assume 'guilt by association' and you could find yourself being disciplined too (I've seen it happen). 

Ugh, sounds like an Epic Failure. Such an egregious violation. 

A face sheet is accessing very private stuff. It lists things like insurance, medical record numbers, SSN, birthdays, address, phone number, relatives. Pretty invasive. It is identity theft waiting to happen. 

On 12/23/2021 at 8:13 PM, EmNightShamala said:

I've just never heard of someone getting in trouble without opening a chart

Well even if whatever she did technically weren't a HIPAA violation, it would 99.999% be a violation of the privacy practices of that facility/company. This is not necessarily about whether she opened charts or not, what she did was utilize their EHR system for behavior that is clearly out of bounds and indicates the exact kind of unrestrained nosiness that is unacceptable in this line of work.

Claims of ignorance will not help here; they are smart enough to know that it's the mindset that is the problem. She must've known something about this was prohibited or else she would've just got a cup of coffee and read through her friends' charts. Instead she tried to snoop only to the extent that she thought wouldn't get flagged....and she was wrong. It was still snooping and it was still using the EHR for a purpose neither intended nor allowed.

It's too bad. Just be there as a friend. Don't make excuses. Encourage her to learn the lesson and move forward whatever the consequences.

13 hours ago, EmNightShamala said:

 I'm aware of those facts, unfortunately I don't believe she was at the time.

If she graduated from nursing school, got a job and paid any ounce of attention she knew very well about HIPAA. Even scrolling around bed boards and just looking at names is a HIPAA violation unless you have a reason to do so. For example, On nights that I'm charge in the ICU, I check in on the census boards for patients on high flow oxygen or BiPAP, knowing that these are the more likely patients to become unstable and potentially require attention. If I'm not charge, no checking. Identifying any patients, and ANY information, including just the fact that they're in the hospital, is a violation.

It's good that your friend has someone like you that believes in them and wants to help. I don't think it's in your best interest to say something like "It's all going to be fine", you will help her most by being a realistic voice that losing a particular job is not the end of a career. If by chance it is pursued and she loses her license as well, being a constructive sounding board for other potential work opportunities would also be a supportive thing. But reinforcing her "not my fault/I didn't know" frame of mind will not serve her well, she will need to take responsibility for her actions.

Good luck to you both.  

"HR has suspended her while they are investigating". 

I figured nobody payed attention to this. Typically, they are only concerned if you open your own chart.