I am currently under iinvestigation for a HIPAA violation at my facility. This was a one time occurrence, I had a friend in the hospital which I work at whom I hadn't heard from and was worried about so I quickly clicked her chart one night to ensure she was ok since I hadn't heard from her. She is aware I did this, this isn't anything I was trying to hide from her. (Please no nasty comments, as I've seen many people like to leave). I know what I did was wrong and have learned from this. I am currently 7 months pregnant and the stress this has been causing me is unmeasurable.
My question is, are all HIPAA violations reported to the board or some entity that is made public knowledge for future employers to find? I'm asking because I am considering resigning before they terminate me, since I am almost certain that is going to be the outcome. I feel since it was such a small scale violation it won't be reported, however I haven't been able to find any information on this online. Resigning always seems the better option, especially if this violation won't be made public for anyone to find out.
Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.
3 hours ago, JKL33 said:
It seems there are various ways that individuals may be held accountable for their actions, including the possibilities of fines and jail time, although these seem to be (very?) rare situations with significant egregiousness involved.
Not exactly. HIPAA applies to INSTITUTIONS, not individuals. When a nurse comes asking if the Feds will be concerned with her behavior as an individual and gets feedback here that she will, that is erroneous. The Feds can penalize the institution, not the individual, under HIPAA.
An individual can always be sued as an individual if the aggrieved party can demonstrate damages (for example if a nurse tells somebody that her neighbor has been admitted for HIV, or plastic surgery, or anything else) revealing that which is nobody else's business and results in harm to the patient's reputation or privacy. This, however, is not HIPAA.
Not exactly. HIPAA applies to INSTITUTIONS, not individuals.
Well, it applies to institutions or individuals that bill certain ways for certain services. But yes, I understand that it does not apply to individual nurses.
I understand that HIPAA applies to covered entities.
My point was that matters like this could become serious (or at the least a ginormous PITA) based on things other than what "the feds" will or won't do. Covered entities are not known for being very gracious with any of their agents who have erred in a way that constitutes (or could be made to smell like or be remotely similar to) a HIPAA violation for the covered entity--not recently anyway. Sometimes they are aggressive for the sole purpose of making examples out of people and simply being straight up vindictive.
Nurses are fed baloney every day all across the country (mainly by their employers who are covered entities); the issues are oversimplified and nurses are purposely led to believe that any little thing they do could be a hanging offense. Same with the misrepresentations I've seen of EMTALA while working in EDs.
Your comments will probably help people better understand the nuances of some of this.
Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.
@JKL33
Thank you for this, and for recognizing that I was trying to clarify. Namely, Federal penalty under HIPAA against entities (not individuals) is a completely different issue from institutions or organizations that feed baloney to staff nurses, and who bully, threaten, and fire them in the name of HIPAA without taking responsibility for the conditions that made it happen (if it was a PHI breach) or just because they can, if they want to.
Remember, all, HIPAA holds institutions and business entities, NOT individuals, responsible for breaches, so if their education, or controls, or systems aren't up to the task, it's on them. Using it as an excuse to rid themselves of a troublesome priest, as it were, is dishonest and reprehensible.
More -- no, ALL nurses need to know the difference. That's what a thread like this is for.
just wondering if the hospital you resigned from before being terminated changed your status to “not available for rehire” ?
When securing these new jobs/ interviews have you run into any difficulty with background checks or HR disclosing any information that could impact you landing the new jobs?
If you resign I assume that the previous hospital can only disclose employment dates and position and also follow up with previous managers. But can they disclose any of the HIPAA violation stuff you were going through?
But can they disclose any of the HIPAA violation stuff you were going through?
They really aren't barred from saying anything that isn't slander, which involves untruth. Many just limit their information disclosures to avoid potential legal headaches.
Hannahbanana, BSN, MSN
1,265 Posts
Not exactly. HIPAA applies to INSTITUTIONS, not individuals. When a nurse comes asking if the Feds will be concerned with her behavior as an individual and gets feedback here that she will, that is erroneous. The Feds can penalize the institution, not the individual, under HIPAA.
An individual can always be sued as an individual if the aggrieved party can demonstrate damages (for example if a nurse tells somebody that her neighbor has been admitted for HIV, or plastic surgery, or anything else) revealing that which is nobody else's business and results in harm to the patient's reputation or privacy. This, however, is not HIPAA.