How serious is it if an employee accessed my personal and medical information without permission?

Dear Nurse Beth Advice Column - The following letter submitted anonymously in search for answers. Join the conversation!

Published  

Recently I had to check in as a patient while on shift related to an injury that occurred at work. Copies of my visit report were intercepted by another nurse from the printer and given to me. The report includes my name, address, DOB, phone number, SSN, next of kin, insurance information, as well as all of my medical information past and present. It is documented on top of the paperwork who printed the copies and at what time. This particular employee did not have permission to access my chart and should not have done so in her role. I did confront her and she denied printing my information. How serious is this? I am very upset and the employer is aware. 

Share this post

+ Add A Comment

7 Answers

Specializes in Tele, ICU, Staff Development.

This is serious, and it's understandable to be upset. It violates your trust and privacy, not just from the individual involved but also your workplace.

It involves a potential violation of patient confidentiality and HIPAA (Health Insurance Portability and Accountability Act).

Your personal and medical information should have been accessed only by individuals with the proper authorization and for the specific purpose of your care. If the person who printed your records had no legitimate reason to access your chart, this could breach privacy and lead to disciplinary actions or legal consequences.

Here's what you can do:

  • Document everything. Record the events, including dates, times, and any conversations you had with the employee and your employer.
  • Follow up with your employer. Since the employer is already aware, make sure they are taking the appropriate steps to investigate the situation. This might involve reviewing security logs, such as who accessed your chart and when, and whether the employee's actions were within their role.
  • Request a formal investigation. Your employer must formally investigate this matter to determine whether any HIPAA violations have occurred and to prevent future privacy breaches.
  • Know your rights. Under HIPAA, you have the right to be notified if your information has been improperly accessed. If the employee's actions violated HIPAA, the hospital or healthcare provider may be required to inform you.

Knowing that your employer is taking the situation seriously can help alleviate feelings of upset and betrayal. 

If your employer acts swiftly, investigates the breach thoroughly, and ensures that corrective measures are taken (whether disciplinary action against the employee or stricter protocols), they value your privacy and take these breaches seriously. 

It's all about accountability—if you see your employer holding individuals accountable and taking steps to protect your information, it can go a long way in helping you feel validated and respected.

Best wishes,

Nurse Beth

If this had happened at my hospital, the person(s) responsible would lose their IT access and would effectively lose their job as they would have no way to access medical records.  Would take about one day or less.

should be simple enough for management to know if she was in your chart of just found your papers on the printer, of course if she opened your chart they'll be obligated to at least discipline if not terminate her

Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.

This is a clear HIPAA violation if this staffer was not involved in your care or had other valid reasons to access your PHI, like for insurance verification. Report this immediately to the facility risk manager in writing (keep a copy) to document this, and they'll take it from there with mandated reporting to OCR, etc.

Agree with what everyone else is saying, assuming I'm understanding this correctly. But to clarify, what do you mean by "intercepted from the printer"? Did this nurse actually open your chart and print the documents in question, or did someone else who was authorized to do so actually print them and this nurse picked them up?  If it's the latter,  is it possible that he or she was printing something else and your paperwork happened to be mixed in?  I'm by no means excusing a potential HIPAA violation, but just trying to make sure I understand exactly what occurred.  I agree that a nurse who wrongfully opened your chart or even intentionally looked through your discharge paperwork should be investigated and disciplined.  But I'd hate for the same to happen to a nurse who inadvertently saw your paperwork. Especially if like my old job the printer collates three different patient's documents at the same time!

Specializes in Geriatrics.

If I'm understanding it. Another nurse found your papers on the printer and gave them to you. She is not the one who printed them, she just found them. The software of course notes on it what user accessed the files, usually prints it on the papers. So you confronted that person and they denied it. I would turn it in, either they did print them or someone else has access to their Sign in. Either way , it needs investigated.

IMHO: Report it immediately. 

+ Add a Comment