HIPAA Violation as a student

Published

Good morning everyone and Happy Easter! I would like to know what the penalties are for a student breaking HIPAA. I have a classmate that was caring for a patient at her clinical site that had to be transferred to another facility for heart related health complications. The student happens to be a tech at the hospital where the patient was transferred (not on the same unit where patient was admitted). A few days ago when she went to work, she started posting on our class FB page detailed information regarding the patient's condition and what the cause of their complications were; pretty much stating that the nursing staff were at fault. She was posting info such as labs and other info that as a tech I have never had access to. This is an issue and I know that she could get into a lot of trouble and possibly get kicked out of the program. I don't want to be responsible for ruining anyone's career, but I want to do the right thing. Any advice would be appreciated!

Specializes in Emergency Nursing.

I agree with other posters who say to screenshot it and send it to the dean/director of your nursing program and let them decide how they wish to handle it. This person's behavior is unprofessional, likely illegal and is not consistent with that of a nursing student/future nurse. Imagine that was the health information of someone that you love/care for, would you want this person to post it on the internet for all to see?

And yes, once you have the screenshot and send it to the dean/director then I would unfriend her and be done with it.

!Chris :specs:

Up Vote Up Vote ×

Oh honey, I'm sorry you are in this mess!

I just recently finished nursing school and I have had similar situations. The only thing to do is tell someone. I know it feels like a betrayal but you have to stand up for your patients. It is a valuable lesson learned early. You should be able to do this anonymously, so she can't retaliate. Good luck

Up Vote Up Vote ×

I'm not disagreeing with anyone here, at all, but just curious- did she post the patient's name or any identifying info? And was she part of the care team at the new hospital? If she didn't give away any identifying info, and had reason to have access to the labs, I wouldn't throw her under the bus just yet, for a HIPAA violation anyway. But I do think it's highly inappropriate to talk about the nurses at her workplace in that way. There is probably a hospital policy about that.

If she posted a name or accessed the records without permission, by all means either warn her to remove it ASAP or report her.

Up Vote Up Vote ×
I'm not disagreeing with anyone here, at all, but just curious- did she post the patient's name or any identifying info? And was she part of the care team at the new hospital? If she didn't give away any identifying info, and had reason to have access to the labs, I wouldn't throw her under the bus just yet, for a HIPAA violation anyway. But I do think it's highly inappropriate to talk about the nurses at her workplace in that way. There is probably a hospital policy about that.

If she posted a name or accessed the records without permission, by all means either warn her to remove it ASAP or report her.

Why would posting lab results and blaming nurses on a student facebook group ever be appropriate though? Let the administration decide if it's HIPAA or not, but regardless, this person is showing real poor judgement and a lack of professionalism.

Up Vote Up Vote ×

You must not have read what I said. I said that blaming the nurses IS highly inappropriate (though not a HIPAA violation). I don't see a problem with posting anonymous lab results though, IF that's what she did, and if it's for a learning discussion. Sort of like the case scenarios we did in nursing school.

Again, if she posted a name, or accessed I go she shouldn't have had, then THAT would be a HIPAA violation.

Up Vote Up Vote ×
You must not have read what I said. I said that blaming the nurses IS highly inappropriate (though not a HIPAA violation). I don't see a problem with posting anonymous lab results though, IF that's what she did, and if it's for a learning discussion. Sort of like the case scenarios we did in nursing school.

Again, if she posted a name, or accessed I go she shouldn't have had, then THAT would be a HIPAA violation.

If she wasn't posting identifiable information why would we be having this discussion in the first place? I worry that you are encouraging the original poster to "keep her mouth shut" when clearly this is a problem that needs to be addressed, whether it's HIPAA or not.

Up Vote Up Vote ×
Specializes in Pediatric Critical Care.

Did the people reading her post have enough info to know who's lab results she was listing? It seems so. That's HIPAA.

Up Vote Up Vote ×

Because some people misunderstand HIPAA and think it means any information about any patient. Since she or he didn't specify, I am just trying to clarify.

And no, I wouldn't tattle about just anything. Nurses need to work as a team, not be adversarial. It really depends on the situation.

Up Vote Up Vote ×
You must not have read what I said. I said that blaming the nurses IS highly inappropriate (though not a HIPAA violation). I don't see a problem with posting anonymous lab results though, IF that's what she did, and if it's for a learning discussion. Sort of like the case scenarios we did in nursing school.

Again, if she posted a name, or accessed I go she shouldn't have had, then THAT would be a HIPAA violation.

1. The OP states that the person posting the information was a tech at the facility where the patient was admitted, but she did not work on the unit where the patient was admitted. If she was not working on the unit where the patient was admitted, she did not need to access the patients info in order to do her job. Accessing PHI when you do not need the info is a HIPAA violation.

2. The OP states that the person is a tech (not a nursing student) at the facility where the patient was admitted. I cannot imagine why a tech would need lab info on a patient. Again a HIPAA violation.

3. The OP was able to identify the patient whose lab info was posted on facebook. Again a HIPAA violation - posting PHI to facebook!

4. The OP and everyone else on facebook did not need the info that was posted in order to provide care for the patient, because none of them were caring for that patient. The patient was not even a patient at the clinical site when the person obtained the patient's labs. They had been transferred to another facility.

There are some nuances to HIPAA. I grant that. I do not understand what is so hard to understand about NEED TO KNOW.

Do you need the information in order to provide care for the patient? No? Then do NOT look at the information.

Does another person need to know that information to do their job? No? Then do not share the information with them.

Up Vote Up Vote ×

I agree that this information needs to be reported for many of the same reasons already mentioned in previous posts. I would not advise to take a screen shot of the information and email it to anyone though. While it would be intended to help the school/hospital/patient, it would be sending that same sensitive information over the web. I'm not sure exactly where that would lie as another possible violation, but I worked for a company that did medical record audits and our site reviewers were not allowed to email us questions about the review using any patient identifying information. We had an internal made up number that was the only identification that they could use in email/voicemail correspondence

Up Vote Up Vote ×
Specializes in MCH,NICU,NNsy,Educ,Village Nursing.

At least two posters mentioned "throwing under the bus" the person who posted on FB patient info. No one is throwing her under the bus....by her own actions she is crawling under the bus. When we don't hold others accountable is when we as a profession begin a downward spiral.......

Up Vote Up Vote ×
In reality there aren't much consequences for breaking HIPAA. We had a nurse who searched through charts to find her ex boyfriends (who had a restraining order against her) found his number and started stalking him... He reported it she was fired and the BON made her take a class regarding HIPAA... She's still working as a nurse....

I, too, have seen individuals fired on the spot for HIPAA violations, no questions asked, no explanations/excuses accepted. Is getting fired not "much consequences"? Also, the individuals whose privacy was violated have the choice of reporting individuals to the Federal government, and the potential consequences can include large fines and Federal prison time. I believe that things rarely get to that point, but, still, the risk is there.

Up Vote Up Vote ×
+ Join the Discussion