Nurses General Nursing
Published Nov 16, 2010
CaptKris
116 Posts
I'm going into nursing school and from what I've read so far this HIPPA privacy bit is like serious business. Yet where I worked previously, I couldn't find anyone to take it seriously. While going through nursing school, I'm working for a diesel engine rebuilding company, and on a weekly basis we receive medical faxes. It seems the local lincare's fax machine is one digit off from ours. xxx-2855 vs xxx-2885. We get their faxes constantly. These faxes included, drug scripts, patient registration forms, patient SSNs, patient medical ID#, itenerarys (ie. Patient is leaving this address in cleveland and is flying into town on x date for 2 weeks, need x and y installed), test results, etc.
So I've called the lincares that fax stuff to us and the local branch that was the intended recipient. The ones that faxed stuff to us told me I was lying and couldn't have made a mistake. Another said they were "deeply concerned" and that it wouldn't happen again. It happened again the next morning. So I called the local lincare after I googled where they were and their number. The manager was "seriously concerned and will look into it". I faxed him copies of everything and he was going to call me back when he fixes the problem. 30 minutes later he calls back "Oh it was just a simple isolated case of human error, nothing to get worked up about, but if it happens again, just refax those onto me, and if you could throw those copies away" Needless "simple human error" happens about once every week or two. The manager didn't even want to drive 5 minutes down the road to get the faxed records. Just trusted us to dispose of them. So I've been saving them. I've got a stack of faxes about 3/4" high from the past three months.
So I looked up some number for florida's health department to call them, there's no "Hippa reporting hotline" that I can find. I got transfered from like desk to desk about 5 times. Got some state employee who assured me it was just "Human error and they couldn't do anything if the fax originated from out of state" and that "I needed to call that states department".
I'm just half tempted to show up at these patients houses and hand them their medical records and tell them what happened. I'd imagine if someone showed up at your front door with your name, address, DOB, SSN, etc I'd be pretty ******.
So what is the proper way to get someone to give a crap about this???? Obviously neither side is "deeply concerned" or the problem would be fixed. I would imagine the patients would be deeply concerned. I also don't want to jeopardize anything with my schooling. Like get in the news and be known at a rat/troublemaker or something. Is there any HIPPA hotline to call where people give a crap or is this just the norm?
Davey Do
10,605 Posts
CaptKris:
Well, you're doing everything which could be reasonably expected of any concerned individual.
The most that could be reasonably done would be to notify the faxing entity of the communication error and possibly note the contact info (names, titles, date, time) on the cover sheet. Perhaps you could contact an Administrative Official at the Institution. Put the Scare of the Cofidentiality Breach God into them.
Distroy the confidential information. Isn't it said that pocession is 9/10's of the law? Or something like that.
There's usually a disclaimer on the face page about communications sent in error.
Anyhoo... Good luck to you.
Dave
RNandRRT
398 Posts
If you're going to care about something, care enough to know what it is that you're caring about:
HIPAA-Heath Insurance Portability and Accountability Act
Not HIPPA
Thank you.
If you're going to care about something, care enough to know what it is that you're caring about:HIPAA-Heath Insurance Portability and Accountability ActNot HIPPAThank you.
Hadn't had my coffee yet... I'll be sure to fix that..
Finishing my second cup now. Cheers.
belgarion
697 Posts
if you're going to care about something, care enough to know what it is that you're caring about:hipaa-heath insurance portability and accountability actnot hippathank you.
hipaa-heath insurance portability and accountability act
not hippa
thank you.
op, i think you just found out what is most important.
hopefully this is more helpful. try going to [email protected]. hipaa is under control of the health and human services dept. you may get more info there.
if you want to let the patients know what happened, you could always mail the faxes regarding their cases to them along with a note explaining how you got them and that they have the right to pursue a complaint against the senders for giving their private information out. i don't know that i would necessarily give them your name or put a return address on it though. this could still lead to you having to answer some tough questions about why you had this info to begin with.
Suethestudent
127 Posts
Fax it back to the originating number with HIPAA VIOLATION written in huge letters over every page. In fact I would send it on an hourly basis just to be sure you get their attention.
BluegrassRN
1,188 Posts
Please dispose of the info RIGHT NOW. You were asked to do so. Many faxes have face sheets that state something to the effect that if it was faxed to you, destroy immediately or face criminal penalties.
You want to make a big splash with the info? Because it seems like that is what you're looking for. Then take the stack of papers down to the CEO of the company, and place them on his/her desk. Heads will roll, for sure.
Don't scoff at the issue of human error. What if one of the company's phone lists accidentally listed your fax number? We have lists of frequently used phone and fax numbers on cards in our badge holders. If hundreds of employees were issued that, it will take *forever* to get the word out to destroy them and use the new number. Or if 50 fax machines were mis-programmed with the wrong number, it takes time to reprogram them. If they are manually typing in numbers, and hundreds of fax numbers are typed daily, then it isn't far fetched to think that someone might occasionally press the wrong number.
Privacy *is* taken very seriously, and the company should be made aware that it continues to happen. How can they fix it if they don't know? If you called, talked to them twice, the second time they called you back and said they addressed it, how do they know they *didn't* in fact fix the issue if you don't call them again.
Hold them accountable, for sure. Call, fax, or visit them directly. Ask them for their corporate compliance number (for reporting purposes). Do NOT, however, continue to keep the info, and do NOT give the info to ANYONE else, including the patients. That action is guaranteed to backfire on you, in a very nasty fashion. You don't deserve to be on the receiving end of some sort of legal action, but keeping the info or distributing it in any manner could set you up for that.
stefanyjoy
252 Posts
Please file a complaint.
http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html
I work in health insurance (while pre-nursing) and if this was happening in our department, the manager would be fired for repeated offenses of the employees. We take HIPAA VERY seriously. My company won't even accept/send faxed medical records anymore due to this reason, we only send it electronically via a secured system.
BabyLady, BSN, RN
2,300 Posts
I'm going into nursing school and from what I've read so far this HIPPA privacy bit is like serious business. Yet where I worked previously, I couldn't find anyone to take it seriously. While going through nursing school, I'm working for a diesel engine rebuilding company, and on a weekly basis we receive medical faxes. It seems the local lincare's fax machine is one digit off from ours. xxx-2855 vs xxx-2885. We get their faxes constantly. These faxes included, drug scripts, patient registration forms, patient SSNs, patient medical ID#, itenerarys (ie. Patient is leaving this address in cleveland and is flying into town on x date for 2 weeks, need x and y installed), test results, etc.So I've called the lincares that fax stuff to us and the local branch that was the intended recipient. The ones that faxed stuff to us told me I was lying and couldn't have made a mistake. Another said they were "deeply concerned" and that it wouldn't happen again. It happened again the next morning. So I called the local lincare after I googled where they were and their number. The manager was "seriously concerned and will look into it". I faxed him copies of everything and he was going to call me back when he fixes the problem. 30 minutes later he calls back "Oh it was just a simple isolated case of human error, nothing to get worked up about, but if it happens again, just refax those onto me, and if you could throw those copies away" Needless "simple human error" happens about once every week or two. The manager didn't even want to drive 5 minutes down the road to get the faxed records. Just trusted us to dispose of them. So I've been saving them. I've got a stack of faxes about 3/4" high from the past three months. So I looked up some number for florida's health department to call them, there's no "Hippa reporting hotline" that I can find. I got transfered from like desk to desk about 5 times. Got some state employee who assured me it was just "Human error and they couldn't do anything if the fax originated from out of state" and that "I needed to call that states department". I'm just half tempted to show up at these patients houses and hand them their medical records and tell them what happened. I'd imagine if someone showed up at your front door with your name, address, DOB, SSN, etc I'd be pretty ******. So what is the proper way to get someone to give a crap about this???? Obviously neither side is "deeply concerned" or the problem would be fixed. I would imagine the patients would be deeply concerned. I also don't want to jeopardize anything with my schooling. Like get in the news and be known at a rat/troublemaker or something. Is there any HIPPA hotline to call where people give a crap or is this just the norm?
Before you make a mountain out of a molehill, understand that it is not a HIPAA violation for honest mistakes to be made...that is not the purpose of HIPAA.
It usually states in the cover page that the information is confidential and that if you unintentionally receive it in error, you are to destroy the document.
Considering you are getting it from several sources, you are doing the right thing by calling the business back and making them aware.
But don't blow it into something that it is not.
Cat_RN, ASN, BSN, RN
298 Posts
OP- get rid of that stack of information. You're going to hang yourself in the process here. Shoot yourself in your own foot with trying to string up someone else.
Come on, can't you just be the honest person you're trying to promote and simply shred the HIPAA sensitive materials before even lifting the cover sheet? You'd see it's coming from the medical facility, right?
Batman25
686 Posts
The fact that you are keeping the info disturbs me just as much as the people who keep sending it. Shred the docs at once as instructed. That is what you should be doing. Don't make a bad situation worse.
If it happens again call the company and ask to speak to someone in Risk Management. Fax them a copy and let them know what is happening. That should resolve it in a jiffy.