HIPAA violation

Nurses HIPAA

Published

A nurse friend of mine volunteered to mail out lab results to patients, and accidentally sent one of the letters to the wrong patient. The envelope was returned to the hospital, and she's now going through HIPAA hell. There was no patient name in the letter, only an ID number. Any idea what's likely to happen from here? Is the union rep likely to be of much assistance? She has a sterling reputation at the hospital, and nothing like this has ever happened to her before. She's pretty distraught about it.

Thanks for your help!

...Steve

Specializes in ICU.

How did the letter get to the other pt without a name? If there's no name, then I don't see the problem. How would the pt who received it even know that it wasn't their results, unless it was for different tests? Mistakes do happen, but unfortunately that isn't going to help your coworker if the pt involved does want to pursue legal action.

Specializes in Psych ICU, addictions.

Perhaps mailing out lab results is against the facility's policy because such things as this can happen.

I know that if I want to get a copy of lab results from my doctor, I have to go in person armed with a couple of IDs.

Specializes in Critical Care, ED, Cath lab, CTPAC,Trauma.

How is it HIPAA hell when there is no name involved. So, the patient cannot be identified that was sent to the wrong address. I can't see how HIPAA was violate and there need to patient identifiers to actually identify the patient to the general public. Hospitals have HIPAA phobia and claim everything is HIPAA when it really isn't an issue.

I don't know how helpful the union will be as it depends on the union itself. If your friend has I would notify them immediately as now one of the biggest claims they represent are HIPAA violation accusations.

This site may help some.

HIPAA FAQs

Specializes in Hospital Education Coordinator.

why did she mail them anyway? Why risk it?

It most likely HIPPA hell, due to the fact the powers-that-may-be wish to apply a "black-and-white" rule related to HIPPA to a "gray" area. The more power one has the less likely they know how to apply it. Can one say-- idiots!

knowledge is power. if she gets any flack, she should ask them to show her chapter and verse about how this error was a hipaa violation. they won't find it.

in law you don't have malpractice without all four required elements:

  1. a duty was owed: a legal duty exists whenever a hospital or health care provider undertakes care or treatment of a patient.
  2. a duty was breached: the provider failed to conform to the relevant standard care.
  3. the breach caused an injury: the breach of duty was a proximate cause of the injury.
  4. damages: without damages (losses which may be pecuniary or emotional), there is no basis for a claim, regardless of whether the medical provider was negligent. likewise, damages can occur without negligence, for example, when someone dies from a fatal disease.

if you have a breach of duty but there is no loss, there is no case. i suppose someone will want to make a case for malpractice if his/her private health information is inappropriately distributed. in this case, since the party who received the lab values in error cannot identify the patient, there is no damage done. there was a duty (of confidentiality), the duty was breached, but there was no injury and no damage.

Specializes in ED.

Hi Steve, sorry to hear about your friend's trouble; I thought I would add my two cents. First, with respect to GrnTea, the post is not entirely accurate. Tort law requires a breach of duty, a causation, and an injury. However, HIPAA does not fall under a common law tort scheme. HIPAA is a government regulation that imposes fines and penalties and not, as GrnTea implies, a private right of action in a malpractice suit (at least not yet). The government can fine both an individual and the hospital for a HIPAA violation, even if it is accidental and even if there was no injury. However, the government takes various factors into consideration when assessing a fine, such as whether the release was intentional and whether a party was injured. With respect to criminal penalties under HIPAA, they often do not apply to inadvertent release of PHI. Of course, this is all assuming that the lab results had patient "identifiers" on them.

Unfortunately, HIPAA hell is not the only thing she needs to worry about. The facility can punish her if she broke an administrative policy or procedure. Moreover, the State Nursing Board may decide to invoke disciplinary proceedings is she violated nursing ethics. As for the union rep, I don't see why anyone would not want a union rep in a disciplinary hearing with them. Even if the union rep sits and says nothing, the real advantage to having one is that you have a witness. I hope this helps.

+ Add a Comment