HIPAA violation?

  1. I work in a sub-acute facility. The resident in question is alert but can no longer communicate. A direct family member who is the responsible party, asked us not to give information to a friend of the resident. That friend though is allowed to visit. The friend called the unit pretending to be another direct relative on the approved list. We knew who she was and explained HIPAA to her, she was a little upset. It turned out she was with the approved family member. We explained to the approved family member that what the friend did was not right, why did she need the friend to call and pretend to be her? Weird. We explained that medical workers have lost jobs by accidentally or intentionally giving out personal information to those not authorized. Did we handle this correctly? We still have to bring it up with DON on Monday. Just curious.
  2. Visit nurseguy213 profile page

    About nurseguy213, LVN

    Joined: Feb '13; Posts: 14; Likes: 6
    from CA


  3. by   RNNPICU
    Sounds like the family was testing you. Some places use a 4 digit code number that only approved family members would know. The code needs to be given before any information can be revealed. You could even use a word, or something pertinent to the patient. However, if families give out this code, you truly have no way of knowing if they are an approved person or not. We tell family members, that if any person calls and can accurately give the number, we are understand that they can have any and all medical information. We encourage families to only give the code number to people who should have access to medical information.
  4. by   meanmaryjean
    You did exactly right and RNNPICU gives good advice.