New Supervisor Violating HIPPA?

  1. Hi all!

    Got a new supervisor who we suspect might be violating HIPPA, unintentionally of course.

    She's sent out a few emails and texts with "client" (we work in home health) names and personal medical information. However, when stating the names of the clients, she only uses their first initial and last name. But that is not necessary as she could just use their room number.

    Not trying to get her in trouble or anything, just curious and would like to know what you guys think. It might be wise to give her a heads up for next time.
  2. Visit FutureNurseWoman profile page

    About FutureNurseWoman, CNA

    Joined: Nov '16; Posts: 6
    from US


  3. by   ruby_jane
    What does your institutional policy say about this?
  4. by   ontnursec
    If the email server is secured/encrypted it's not a violation. If the texts are coming over a locked company device it also shouldn't be a violation... but that could be different for you as I am in Canada
  5. by   JustBeachyNurse
    If it's a secured email system or phone it's not a violation. Review company policy
  6. by   Here.I.Stand
    As long as the device is encrypted it's not a violation.

    The reason a room number isn't used is a safety issue: patients sometimes switch rooms.
  7. by   TessLJ
    If it is email on an internal server, or, like others have said, encrypted if the email is going to an external server, then it is not a HIPAA violation. I'd be a little more concerned about texting personal health information, but it doesn't necessarily mean that she's committed a HIPAA violation so far. There should be policies in place within your organization that outline what procedures are in place to maintain HIPAA compliance. I would recommend reviewing and familiarizing yourself with them, especially around social media, which can be quite confusing sometimes.
  8. by   OCNRN63
    Why not just ask her directly? ("Hey, Ms. Supervisor, we were wondering if we're still in compliance with HIPAA when we share pt information using the pt's first initial, last name, and PHI. Would you please clarify?)