HIPAA violation and future employment opportunities

I would not resign.HIPAA violations are reported to the Department of Health and Human Services' Office for Civil Rights (OCR) .Your facilities compliance officer will determine if if it is a reportable breach .Many minor errors made in good faith are often not even reported.Also what matters is if the breach caused harm.Its not like 50,000 medical records got into public hands or insurance fraud was committed.Serious violations may result in disciplanary action from employer or BRN.Willful violations,such as theft of PHI for personal gain or use can result in criminal penalites.So you will not lose your license,you may lose your job,you will probably hear nothing from the OCR or your BRN because they are too busy for such small incidents.Not saying its not bad ,but it effects only one person and seems little harm was done.

Boy OK people throwing you under the bus over here.

Inflammatory display of poor understanding/reading comprehension.

Throwing under the bus has to do with basically sacrificing someone to preserve oneself.

We are neither involved in this nor have any reason to lead this poster astray. We just don't know exact answers, as has been clearly stated on this thread. Honestly I think quite a few have given replies of warning/concern/advice as best we possibly know, which, in accordance with the TOS, is not and is not meant to be any type of legal advice whatsoever. The overall recommendation has been to seek legal advice.

I personally would not like to see someone have severe difficulty as a result of a second of bad judgment that results in a questionable degree of harm.

Just curious about this situation. What do you mean "he answered a question"???

He was dismissed from school because of an incident where he confirmed that a patient was, indeed, admitted to the floor where he was doing clinicals.

You cannot confirm, apparently, that someone is or is not in the hospital. Period. He didn't (he says) go into the status of the patient or anything like it. He claims....he simply confirmed that Joe Schmoe was indeed admitted to the ward....to a neighbor. Not a family member (which still would violate HIPAA) and not within the hospital walls.

Apparently---that neighbor showed up at the hospital---I don't know what happened specifically, because when this neighbor showed up (most likely out of kindness, but I could be wrong)---they identified the nursing student who gave out the information...and the rest is history.

Leave work at work is the lesson. If you would not like someone nosing into YOUR chart, don't do it to someone else. It's not yours or anybody else's business WHY or even IF I am in the hospital. If I choose to TELL YOU, then I will.

This day and age of "I'll just find out whether you want me to know or not" is sickening. I am all for busting anybody who does this right down to Chief Toilet Scrubber for the local prison. My business is MY BUSINESS.

I've watched RNs look up convicts that are patients. Right in front of everyone. Yes. That information is public access. But NOT in the path of care. It doesn't matter whether that guy is a rapist or he's in for growing 12 pot plants. I don't care, and it's nobody's business because it does not direct their plan of care.

I hate to be harsh, because I was fairly gentle up above in my response to the OP. But these youngsters nowadays seem to think social media is reality. And there is no repercussion to violating someone's privacy. I can say...I hope that anybody who is a victim of Nosy Nellie News Toter on staff....gets their butt fired and fined. Keep your nose out of other people's business unless it is directly yours.

This is no small scale violation.

It does not matter that your friend is okay with it. It's against hospital policy and the law, if I'm not mistaken. It's okay for your friend to randomly bring up to you that she was a patient at your facility. It's not okay for you to look at her chart unless you directly cared for her, even then it's only appropriate to look at the things related to the care you are providing. If she has an infected hang nail, that's what you are allowed to have access to. It would be wrong to peruse her chart for the STI she was treated for 2 weeks ago, etc. Always ask yourself if the information you are reading is pertinent to the care you are providing? If it isn't, don't read it.

That's it.

On ‎12‎/‎3‎/‎2018 at 12:40 AM, kcurry90 said:

Not to sound nieve but what benefit would an attorney be in the situation? I am not trying to dispute the claim or save my current job. I cannot imagine this is something that would land jail time or anything of that nature. From what I have read, once the compliance officer contacts the individual whose info was accessed and they claim no harm has been done then the investigation more or less stops. Of course I know this gets reported somewhere but can't imagine this is a case where my license could be on the line.

You broke a federal law. That is not a trifling matter. You can be prosecuted for this, and your license definitely could be on the line. Whatever your intentions, you knowingly violated the privacy rights of the person whose chart you reviewed. Whether you knew this person or you told this person later what you did is irrelevant. You did not have permission at the time to review the chart, and as you were not the one delivering care, you had no need to know.

The friend who supposedly got thrown out for confirming a patient was currently at the hospital - that shouldn't be correct. You can't confirm a past admission, nor anything about the admission, including what service they've been admitted to, but just like they could call the hospital and ask if a patient was admitted there, it is available information. I'd be highly suspect there's more to the story.

8 hours ago, LilPeanut said:

The friend who supposedly got thrown out for confirming a patient was currently at the hospital - that shouldn't be correct. You can't confirm a past admission, nor anything about the admission, including what service they've been admitted to, but just like they could call the hospital and ask if a patient was admitted there, it is available information. I'd be highly suspect there's more to the story.

Which is why I said, "so he claims".

I didn't agree with it, because I knew the guy--and he was absolutely devastated. There were other factors in play, which had zippo to do with whether there was a "HIPAA" violation or not. The clinical instructor didn't like him--she had made accusations about other people in the past, that were unfounded and destructive.

Her thing was to "divide and conquer". Set everyone against each other. She'd call one in, act the friend/concerned counselor...get information about maybe if that person was having difficulty--maybe being bullied, maybe seeing cheating, maybe being pressured to do projects for others (it happened all the time)--and then turn around and call the people who were alleged perpetrators of these things in---and start a war. She'd stir the pot, stand back---and watch the fur fly.

The guy never recovered from it--he quit and he never returned to any nursing school. I know if I had understood that this instructor is one of many in "elevated positions" of power---I also would never have gone down this path.

I've said it before and I stand by my assessment---nursing school is not to teach nurses to be nurses, it's to teach the how to pass one exam, the first time--so that the school can keep their accreditation. If they taught nursing, then there would be no need to have a "nurse residency" for a med-surg floor, for an entire year, or even six months. I agree "ORIENTATION" to a unit is necessary, but the idea that a nurse has to come in, take 8 weeks of classes in....oh.....BASIC NURSING....go thru "skills testing" for even the simplest of things like donning/doffing PPE or checking VS....it's absurd.

This micromanaging and ruling by fear technique is very common in the hospital setting---I don't know how it is in outpatient or homecare or LTC---but it seems to me that administrators are pushing harder and harder on these ridiculous policies--while their own violations are going unchallenged---i.e. HIPAA violations and having to care for patients in the hallway for two days getting treatment.

I was wondering what you guys think about possible upcoming data solutions to accidental HIPAA violations? I’ve come across a few data companies that are actively involved in trying to make the best data security solutions to keep HIPAA compliant. Some of the most interesting at the moment have been infoVia, DataRebels, and Data Vault. It’s a bit over my head to explain, but it seems there’s a growing movement to both ‘free-up’ a company’s data, like the way they share it throughout the organization while protecting it very closely. it’s been a really interesting conversation going on, one I think businesses like hospitals and insurance groups need to have. One of the most helpful breakdowns of these I could find is infoVia’s that I wanted to share and have your thoughts on. Do you think it’s got some legs to it? https://info-via.com/infosecur/

On 1/2/2021 at 4:09 PM, Hannahbanana said:

First, OCR goes after institutions and companies in the business of delivering or paying for healthcare, NOT individual nurses. The institutions are responsible for seeing that their employees are compliant with the laws. The Feds will NOT be knocking at your door.

It seems there are various ways that individuals may be held accountable for their actions, including the possibilities of fines and jail time, although these seem to be (very?) rare situations with significant egregiousness involved.

Is that not correct?

On 1/2/2021 at 4:35 PM, kmcd90 said:

Nothing was ever reported to the BON. I wasn’t fined. Wasn’t sued. My license is clear. My life went on. I know what happened was serious, and trust me I have learned from it. 

Excellent.