Jump to content

Hipaa violation and interview

Posted
by Edubs1023 Edubs1023 (New) New

Hello all

i am having an issue with my current employer. I Had checked a patient record (which happened to be a family member who asked me to look at catscan results) at the time I felt a bit uneasy about it, but said family member was so worried and upset about not knowing results, I looked it up anyway. ( I 100% understand now that it was wrong). In any event, it was flagged in the system that I have no business relationship to this particular chart. They asked for an exPlaination which I gave via writing,I told the absolute truth, and family member stated to give them telephone number and family member would be willing to go in and attest that he/she indeed authoriZed me to look. Now I have a hipaa interview where I will be bringing my union rep. I am so scared of termination. Any thoughts? Thanks in advance all .

klone, MSN, RN

Specializes in Women's Health/OB Leadership. Has 15 years experience.

What is your facility's policy on unauthorized access? It should outline there what the disciplinary actions are. It's been my experience that termination, while possible, is usually reserved for egregious privacy violations (going into a patient's chart for malicious reasons or mere curiosity), but I would still expect to have a disciplinary action against you, such as unpaid suspension. Good luck and let us know what happens!

Thanks for your response. I just got through speaking with my boss and apparently my facility has recently been scolded because of its lack of discipline due to hipaa being a federal law. She's concerned they may try and make an example out of me. Well all I can do is try and bring some documentation, maybe a notarized letter from family member, and just pray for the best.

Throw yourself on the mercy of the court and you might get off with a stern warning. But if the facility has been getting dinged for HIPAA problems, they may not have any leeway to move on this, so be prepared for the worst.

They ought to have publicized their "scolding" to all staff; if they had done, perhaps you would have remembered to take your policy more seriously and told your family member no, and counseled him/her to consult his/her physician, the same as you would for any patient.

As you stated this was a HIPAA Violation. To understand what kind of response you can get, a few things to consider:

- Does your Facility have Privacy Related policies and Procedures? Have you been regularly informed about the policies?

- Have you been provided HIPAA training by your facility & have you been trained on their privacy policies & practices?

- Do they have written sanctions for violations? Check them out and see what applies to your situation. Have these sanctions been enforced?

You are all absolutely correct. I should have most definantly explained to family member that I was unable to look up anything due to hipaa, but too late for all that unfortunately so I guess my next question would be in your opinions, are all situations black and white? I know every facility is different but I'm thinking I may be treated the same as let's just say for example someone who looks up another's records and posts on social media, or uses the info maliciously. Apparently the trouble with my particular facility has been inter office affairs gone wrong. (you can all fill in the blanks) scorned lovers using their access to charts to defame another.

brattygrl

Specializes in Peds critical care. Has 15 years experience.

At our facility, you can get fired for looking at your own chart (and people have been).

If you want to see your chart, you have to go to medical records and request it that way.

I don't think a written letter of permission would get you anywhere.

klone, MSN, RN

Specializes in Women's Health/OB Leadership. Has 15 years experience.

Well, I can tell you from experience - it recently happened to me, unfortunately. My husband needed his BP meds refilled, and in order to do it online, you need the Rx#. So totally without thinking, I looked up his med reconciliation in order to get his Rx#s to refill his meds for him.

Even after pleading my case and having my husband send them a letter stating that he requested it and gave explicit permission, they still said it was black-and-white, no accessing family member records (our facility does allow us to access our own records, however). Lesson learned, no exceptions allowed. I consider myself someone with high integrity, and I didn't pause because it honestly didn't occur to me that looking up his Rx #s to refill his meds would be a violation.

While the policy was black-and-white, they did offer some leeway in disciplinary action (I could have been terminated, but instead I was given 2 days unpaid suspension, which is the minimum discipline required for this violation).

Like GrnTea said, throw yourself at their mercy and let them know it's something that will NEVER happen again, and you may be able to escape with your job.

It's a hard lesson to learn, but I certainly will never make a similar mistake again, and I bet you won't either. Good luck to you.

I absolutely would never and I mean never do this again or end up in this situation. If given the opportunity to keep my job I will be most grateful. I am however expecting the worse which would be termination. And then to have that stigma attached to your name, I just can't bear it. Well I have to accept the consequences I guess and pray that someone would be willing to give me a chance at another organization. Thanks for all your helpful responses.

Sorry to bother you with this, but I'm just curious what you put in the letter you gave to your employer regarding accessing your husbands medical chart. I am trying to put something together without sounding like I dont recOgnize it was wrong. Can you help me? I know the letter may not make much of a difference but if it will be the deciding factor between termination and suspension I'm aiming for the latter. Thanks in advance.

Sorry to bother you with this, but I'm just curious what you put in the letter you gave to your employer regarding accessing your husbands medical chart. I am trying to put something together without sounding like I dont recOgnize it was wrong. Can you help me? I know the letter may not make much of a difference but if it will be the deciding factor between termination and suspension I'm aiming for the latter. Thanks in advance.

Just the fact, ma'am, just the facts. And the last paragraph says what you are saying here: You are a new nurse, you were helping a family member with his permission, you realized too late that this was impermissible due to hospital policy, and you were devastated to discover this. You have learned a very serious lesson by making an error you will never, ever repeat, and you beg for mercy so this error will not mean the end of your career.

BrnEyedGirl, BSN, MSN, RN, APRN

Specializes in Cardiac, ER. Has 18 years experience.

This is the problem I have with employer interpretation of HIPAA. HIPAA was designed to protect patient information from getting into the wrong hands as well as offer guidelines to insure health information is shared with those who need it. Most hospitals have their own HIPAA policies that go way beyond the original intent. For instance, in this case, no one received this patients records that shouldn't have them. The patient asked, the patient was aware that the family member would indeed see his/her information while relaying to them. The information wasn't leaked to the media, wasn't accidently faxed to his boss or his nosey neighbors!! No one had access to his records that shouldn't have!

I was written up several years ago for looking up my minor child's strep screen results. I took my child to the pcp on Thursday, was given a Rx for an antibiotic with the instructions not to start unless the strep screen came back positive. On Friday the results weren't back to my pcp,..on Sunday I remembered that the pcp's office is closed on Monday,..so it would be Tuesday at the minimum before I got the results. I was at work and looked them up. When I was written up I was told that hospital policy required I go through Med Records "they would need to verify that I am indeed the childs Mother and that I have legal custody of said child." Interestingly enough later, when I went to Med records, I asked for the records, they gave them to me. No check of an ID, no request for legal documentation etc. This was in NO WAY a HIPAA violation. I feel bad for the OP,....hope you can work this out.

Just curious,...OP if I called you at work to ask about my own strep screen from yesterday, would it be within your job description to look it up for me?

Thank you for your response. To answer your question, I am an RN. If you called me up for let's say your strep results I could give them to you assuming I am directly involved in your care. I think what my facility is going to say and I'm just guessing here is that although the patient (my family member) gave me direct permission to access the chart, it's still considered unauthorized Access because this is not one of my patients. that is the only explanation I can think of. At the time I was not thinking of this but I guess hindsight is 20/20. Just hoping its not a career ender for me.

brattygrl

Specializes in Peds critical care. Has 15 years experience.

I'm sorry you are going through this. Good luck with everything.

Thanks very much. Your support is appreciated.

Just an update, they put off my Hipaa interview which was scheduled for tomorrow to a later date because I am on vacation this week. Date at present is unknown. Thank you all for your advice

Laurie52

Specializes in SICU/CVICU. Has 36 years experience.

This is the problem I have with employer interpretation of HIPAA. HIPAA was designed to protect patient information from getting into the wrong hands as well as offer guidelines to insure health information is shared with those who need it. Most hospitals have their own HIPAA policies that go way beyond the original intent. For instance, in this case, no one received this patients records that shouldn't have them. The patient asked, the patient was aware that the family member would indeed see his/her information while relaying to them. The information wasn't leaked to the media, wasn't accidently faxed to his boss or his nosey neighbors!! No one had access to his records that shouldn't have!

I was written up several years ago for looking up my minor child's strep screen results. I took my child to the pcp on Thursday, was given a Rx for an antibiotic with the instructions not to start unless the strep screen came back positive. On Friday the results weren't back to my pcp,..on Sunday I remembered that the pcp's office is closed on Monday,..so it would be Tuesday at the minimum before I got the results. I was at work and looked them up. When I was written up I was told that hospital policy required I go through Med Records "they would need to verify that I am indeed the childs Mother and that I have legal custody of said child." Interestingly enough later, when I went to Med records, I asked for the records, they gave them to me. No check of an ID, no request for legal documentation etc. This was in NO WAY a HIPAA violation. I feel bad for the OP,....hope you can work this out.

Just curious,...OP if I called you at work to ask about my own strep screen from yesterday, would it be within your job description to look it up for me?

The reason the employers place these restrictions on info is because while you can adequately interpret the info not everyone who is employed by the hospital can do so. Many people have access to medical records that do not have a medical background. As far as the OP situation is concerned, if the scan results were abnormal, did she have the knowledge necessary to adequately explain the implications of the results?

Wrench Party

Specializes in Cardiology, Cardiothoracic Surgical. Has 3 years experience.

I'm glad many facilities are now providing patients (and their families) access to their own medical records and tests via a separate system. It helps prevent this kind of unintended HIPAA violation.