HIPAA scapegoat

Published

First of all I wanted to say that I created this account for my wife. She is fighting either an unbelievable level of incompetence or unimaginable level of malice from her now former employer. I figured we are at the point where we need to crowd source some ideas from people that are in her field.

(I am a programmer who works in the healthcare realm, just for background on me)

Background:

-Floor nurse on a telemetry floor for 3 years on 3rd shift in upstate NY.

-Terminated for supposed HIPAA violation.

Narrative:

My wife was brought into an early morning meeting after her shift ended to discuss a problem. She was confronted about accessing ED Pt records ‘view’ screen. She said yes, I look at the chief complaint as do most other nurses to get a sense of potential Pt admissions. (the ED EHR main screen when logging in has First, Last, DOB it does not have chief complaint for her).

She said she thought it was acceptable since other nurses do the same thing (common practice she learned on the floor) and the newer nurses now have chief complaint on the main screen (no need to click ‘view’). The hospital administrators in the meeting were shocked that the newer nurses could see chief complaint by default.

My wife had already accepted a new job at another hospital and already had her resignation letter in her pocket to hand to her manager, which she did immediately after this meeting. With two shifts left before leaving on good terms she gets a phone call where they terminate her for this ‘HIPAA violation’.

She was also accused of looking at Pts on another unit, but that was debunked during the meeting where they fired her by her manager because she picks up shifts on that other unit and the access was appropriate. (yes, they didn’t even know where she worked before accusing her and firing her)

Some of the other RNs were also investigated for doing the same thing, but so far no one else has been fired. They would have to fire half the RNs in the hospital if the same standard was applied. The ombudsman was helpful at first, but now seems useless. HR wont even talk to her and says, via the ombudsman, they don’t have to follow the employee handbook because she ‘broke the law’.

Questions:

A. What can she expect with this type of HIPAA violation?

B. Is there any recourse to fight this?

C. Will her new employer be notified of the violation?

D. Is there any whistle-blower protection since she notified them of their own HIPAA violations (by their definition, not hers)?

E. Is the hospital simply using her as a scapegoat so they can say the 'problem was fix' so they don't have to report themselves?

F. Any Pro bono lawyers or groups that deal with libel in the health care world?

Please feel free to ask any questions and we both really appreciate any help that can be provided.

Up Vote Up Vote ×

A. If the patient wasn't assigned to her or she was not actively engaged in care for the patient, it is a HIPAA violation. You can't just sit and pull up every ED admission that comes in just because you work in the ED. You also don't know what other nurses do...you only know what your wife tells you.

B. Either she accessed the charts or she didn't. An electronic record will prove this.

C. Her new employer will not be notified UNLESS it's reported to the BON.

D. Unless she has proof (dates, times) other nurses did the same thing, she has no recourse. Stir the pot and they can turn a simple firing into a BON investigation--let it go.

E. I see no problem or HIPAA violation on the part of the hospital. Surgery centers do the same thing...they list info on the patient with the surgery on a board. As long as it is viewable only by others on the unit, there is no HIPAA violation. Being able to view "chief complaint" at a glance may be necessary in an ER for the charge nurse to manage staffing. You can't have a high-needs patient that is critical/unstable paired with five other patients with a stumped toe. It is not reasonable to go through EVERY chart for admissions that are fluid.

F. You are not going to find an attorney to take the case for free and they won't take it most likely for pay anyway.

1
Up Vote Up Vote ×
1 hour ago, Jory said:

A. If the patient wasn't assigned to her or she was not actively engaged in care for the patient, it is a HIPAA violation. You can't just sit and pull up every ED admission that comes in just because you work in the ED. You also don't know what other nurses do...you only know what your wife tells you.

--She was on a telemetry floor and the RNs would pull the chief complaints for insight into cardiac cases in the ED. It's a matter of if you had to just log into the system and see the info or click on something. Some had different views, but all RN's had the same function on that floor.

B. Either she accessed the charts or she didn't. An electronic record will prove this.

--It will prove she accessed the record, but that isn't the problem. The problem is they didn't understand she was caring for the Pt because she was picking up a shift on a different unit.

C. Her new employer will not be notified UNLESS it's reported to the BON.

--Good to know.

D. Unless she has proof (dates, times) other nurses did the same thing, she has no recourse. Stir the pot and they can turn a simple firing into a BON investigation--let it go.

--This is already established. She is the one who told the hospital they had conflicting access for RNs that serve the same 'role'.

E. I see no problem or HIPAA violation on the part of the hospital. Surgery centers do the same thing...they list info on the patient with the surgery on a board. As long as it is viewable only by others on the unit, there is no HIPAA violation. Being able to view "chief complaint" at a glance may be necessary in an ER for the charge nurse to manage staffing. You can't have a high-needs patient that is critical/unstable paired with five other patients with a stumped toe. It is not reasonable to go through EVERY chart for admissions that are fluid.

--I'm not talking about ED RNs having the access. Telemetry RNs working on my wife's floor were given the extra access. This is why the hospital violated HIPAA. If it's a violation for an RN on Unit-A to access a portion of PHI, its a violation for the hospital to give that PHI to that exact same RN.

F. You are not going to find an attorney to take the case for free and they won't take it most likely for pay anyway.

--If they do report it we will go the defamation route. I read up on a number of RNs having to do the same thing. Hospitals use HIPAA to circumvent labor laws and internal policy and procedure, but incompetence works as well. Let’s hope it doesn’t come to that.

Up Vote Up Vote ×
Specializes in Psychiatry, Community, Nurse Manager, hospice.
4 hours ago, Jory said:
On 5/25/2019 at 6:48 PM, inthealpine said:

First of all I wanted to say that I created this account for my wife. She is fighting either an unbelievable level of incompetence or unimaginable level of malice from her now former employer. I figured we are at the point where we need to crowd source some ideas from people that are in her field.

(I am a programmer who works in the healthcare realm, just for background on me)

Background:

-Floor nurse on a telemetry floor for 3 years on 3rd shift in upstate NY.

-Terminated for supposed HIPAA violation.

Narrative:

My wife was brought into an early morning meeting after her shift ended to discuss a problem. She was confronted about accessing ED Pt records ‘view’ screen. She said yes, I look at the chief complaint as do most other nurses to get a sense of potential Pt admissions. (the ED EHR main screen when logging in has First, Last, DOB it does not have chief complaint for her).

She said she thought it was acceptable since other nurses do the same thing (common practice she learned on the floor) and the newer nurses now have chief complaint on the main screen (no need to click ‘view’). The hospital administrators in the meeting were shocked that the newer nurses could see chief complaint by default.

My wife had already accepted a new job at another hospital and already had her resignation letter in her pocket to hand to her manager, which she did immediately after this meeting. With two shifts left before leaving on good terms she gets a phone call where they terminate her for this ‘HIPAA violation’.

She was also accused of looking at Pts on another unit, but that was debunked during the meeting where they fired her by her manager because she picks up shifts on that other unit and the access was appropriate. (yes, they didn’t even know where she worked before accusing her and firing her)

Some of the other RNs were also investigated for doing the same thing, but so far no one else has been fired. They would have to fire half the RNs in the hospital if the same standard was applied. The ombudsman was helpful at first, but now seems useless. HR wont even talk to her and says, via the ombudsman, they don’t have to follow the employee handbook because she ‘broke the law’.

Questions:

A. What can she expect with this type of HIPAA violation?

B. Is there any recourse to fight this?

C. Will her new employer be notified of the violation?

D. Is there any whistle-blower protection since she notified them of their own HIPAA violations (by their definition, not hers)?

E. Is the hospital simply using her as a scapegoat so they can say the 'problem was fix' so they don't have to report themselves?

F. Any Pro bono lawyers or groups that deal with libel in the health care world?

Please feel free to ask any questions and we both really appreciate any help that can be provided.

My advice is to forget about the hipaa violation.

Focus on the fact that she was not fired, she resigned.

An employer cannot fire you after you resign. They can decline to accept your notice and dismiss you immediately, however this is still a resignation.

If they claim to have fired her, it is libel.

A letter from a lawyer may be helpful, just to ensure that they report her status as resigned.

3
Up Vote Up Vote ×
5 hours ago, inthealpine said:

I'm going to be honest with you...you still don't understand the problem.

It doesn't matter what they were "trying" to do. She pulled up the chart on a patient she wasn't assigned to and she was not ACTIVELY engaged in patient care. That is a HIPAA violation. You apparently don't understand what does and does not constitute a violation.

So they got confused on her working another floor. There are several records in the system to prove it. This...is also petty. They made an error, she explained it...they dismissed it...so what. It does..not..matter.

Hospitals don't have to give every RN the same access. That is for administration to decide, not your wife and not you.

Telemetry nurses have to be given access to EVERY patient in the hospital that is on telemetry (or floor) because they are responsible for monitoring them as a group. Have you ever seen a telemetry room? Go look...then you'll understand.

You don't have a leg to stand on in a defamation route. This is HIPAA 101.

You are mad because she got reprimanded and trust me, there was a REASON she was targeted if other nurses are doing the same thing.

Again, stir the pot and what could be a simple firing can turn into a BON complaint and trust me..if they file it, they WILL win and good luck finding a job with a mark on your license.

She needs to pay close attention what her HIPAA training states she can and cannot do...not what she sees others do.

4
Up Vote Up Vote ×
1 hour ago, Jory said:

I'm going to be honest with you...you still don't understand the problem.

It doesn't matter what they were "trying" to do. She pulled up the chart on a patient she wasn't assigned to and she was not ACTIVELY engaged in patient care. That is a HIPAA violation. You apparently don't understand what does and does not constitute a violation.

--I gave you the benefit of the doubt last post, but you are being a bit ridiculous now. If denying PHI degrades patient care it is not a violation. Period. The hospital cannot say the information between departments is necessary and a violation at the same time.

So they got confused on her working another floor. There are several records in the system to prove it. This...is also petty. They made an error, she explained it...they dismissed it...so what. It does..not..matter.

--The point is the DID NOT dismiss it, they refused to acknowledge it. My entire post was about the hospital refusing to do their due diligence in examining the data.

Hospitals don't have to give every RN the same access. That is for administration to decide, not your wife and not you.

--I'm telling you by the own hospitals account that the access they gave was a mistake. 100% you are the only one who is defending the hospitals mistake. They are just not categorizing it as a HIPAA violation.

Telemetry nurses have to be given access to EVERY patient in the hospital that is on telemetry (or floor) because they are responsible for monitoring them as a group. Have you ever seen a telemetry room? Go look...then you'll understand.

You don't have a leg to stand on in a defamation route. This is HIPAA 101.

--If they say she committed a HIPAA violation, but she was in a Pt record that was HER PATIENT, you think that is valid???

You are mad because she got reprimanded and trust me, there was a REASON she was targeted if other nurses are doing the same thing.

--You are correct here. She was targeted because she was leaving the hospital and could be a scapegoat for the hospitals own (by their definition) violations. Other RNs have texted her that they have gotten suspended and given a ‘final warnings’...so I guess all the nurses are just bad and only the hospital administration is the benevolent and dutiful care giver?

Again, stir the pot and what could be a simple firing can turn into a BON complaint and trust me..if they file it, they WILL win and good luck finding a job with a mark on your license.

She needs to pay close attention what her HIPAA training states she can and cannot do...not what she sees others do.

--I’m starting to understand that you are likely a ‘company man’ so to speak. It is not a shrug of the shoulders to accuse a nurse of accessing a Pt record inappropriately and then find out the nurse was providing care for said Pt all along.

I find it shocking that another RN would be so blindly accusatory while creating excuses for hospital administration that even they wouldn’t even dare to say out loud.

--I do want to thank you for your point of view. It does remind me that bureaucrats exist everywhere and doing what is best for a Pt is not necessarily the chief objective of everyone. Truthfully, this has been a sobering reminder.

1
Up Vote Up Vote ×
16 hours ago, FolksBtrippin said:

This is an interesting take. I'll have to keep this in mind as the process moves forward. NY is an at will state, but I don't think that matters if they tell anyone she was fired it would be incorrect.

Thanks.

Up Vote Up Vote ×

duplicate

Up Vote Up Vote ×
Just now, Jory said:
Up Vote Up Vote ×

You still don't get it.

Here is my prediction: Keep stirring the pot and you'll be posting in six months on how to get a lawyer to defend your wife on a BON HIPAA violation.

One the hospital will 100% have electronic evidence she violated. They are not going to care about what "others" are doing. They are ONLY going to concern themselves with the case before them.

Some people, unfortunately, have to learn the hard way.

This is not about being a "company person". This is about being an experienced nurse, former manager, APRN, has sat on numerous committees and fully understands HIPAA policies are put in place for patient privacy protection...not to satisfy the curiosity of a nurse in the department. I am bound to it in my job just like any other healthcare professional.

My personal opinion is that your wife isn't telling you the full story either.

3
Up Vote Up Vote ×

You are 100% a 'company person'. The first sentence of the first post you accused my wife of lying.

You defended the hospital blindly in ways even they don't have the audacity to do.

You now say 'dont stir the pot' as though keeping your mouth shut takes priority over Pt care and the truth.

This was not idol curiosity, it was observation of 3 years of common practice on multiple units and RNs doing what they thought was best for patient care. I'm so glad my wife already found a new job because those RNs left on those units are petrified of doing their jobs because of 'company persons' second guessing every minute they are on the clocked in.

...to those reading and interested, my wife's now ex manager is going to the head of HR to protest. Fingers crossed this all ends soon.

Up Vote Up Vote ×
Specializes in Psychiatry, Community, Nurse Manager, hospice.
2 hours ago, Jory said:

You still don't get it.

Here is my prediction: Keep stirring the pot and you'll be posting in six months on how to get a lawyer to defend your wife on a BON HIPAA violation.

One the hospital will 100% have electronic evidence she violated. They are not going to care about what "others" are doing. They are ONLY going to concern themselves with the case before them.

Some people, unfortunately, have to learn the hard way.

This is not about being a "company person". This is about being an experienced nurse, former manager, APRN, has sat on numerous committees and fully understands HIPAA policies are put in place for patient privacy protection...not to satisfy the curiosity of a nurse in the department. I am bound to it in my job just like any other healthcare professional.

My personal opinion is that your wife isn't telling you the full story either.

Jory, I think you are missing that when an employee violates HIPAA the employer is also responsible.

This is what I learned.

If I am wrong on this, someone correct me, but I am pretty sure employers are responsible in some way for an employee's hipaa violation. That's why they spend all that time and money educating. It's also why they discipline employees who violate.

4
Up Vote Up Vote ×
+ Join the Discussion