How serious is it if an employee accessed my personal and medical information without permission?

Dear Nurse Beth Advice Column - The following letter was submitted anonymously in search of answers.

Recently I had to check in as a patient while on shift related to an injury that occurred at work. Copies of my visit report were intercepted by another nurse from the printer and given to me. The report includes my name, address, DOB, phone number, SSN, next of kin, insurance information, as well as all of my medical information past and present. It is documented on top of the paperwork who printed the copies and at what time. This particular employee did not have permission to access my chart and should not have done so in her role. I did confront her and she denied printing my information. How serious is this? I am very upset and the employer is aware. 


Specializes in Tele, ICU, Staff Development.

This is serious, and it's understandable to be upset. It violates your trust and privacy, not just from the individual involved but also your workplace.

It involves a potential violation of patient confidentiality and HIPAA (Health Insurance Portability and Accountability Act).

Your personal and medical information should have been accessed only by individuals with the proper authorization and for the specific purpose of your care. If the person who printed your records had no legitimate reason to access your chart, this could breach privacy and lead to disciplinary actions or legal consequences.

Here's what you can do:

  • Document everything. Record the events, including dates, times, and any conversations you had with the employee and your employer.
  • Follow up with your employer. Since the employer is already aware, make sure they are taking the appropriate steps to investigate the situation. This might involve reviewing security logs, such as who accessed your chart and when, and whether the employee's actions were within their role.
  • Request a formal investigation. Your employer must formally investigate this matter to determine whether any HIPAA violations have occurred and to prevent future privacy breaches.
  • Know your rights. Under HIPAA, you have the right to be notified if your information has been improperly accessed. If the employee's actions violated HIPAA, the hospital or healthcare provider may be required to inform you.

Knowing that your employer is taking the situation seriously can help alleviate feelings of upset and betrayal. 

If your employer acts swiftly, investigates the breach thoroughly, and ensures that corrective measures are taken (whether disciplinary action against the employee or stricter protocols), it shows that they value your privacy and take these breaches seriously.

It's all about accountability—if you see your employer holding individuals accountable and taking steps to protect your information, it can go a long way in helping you feel validated and respected.

Best wishes,

Nurse Beth

If this had happened at my hospital, the person(s) responsible would lose their IT access and would effectively lose their job as they would have no way to access medical records.  Would take about one day or less.

Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.

This is a clear HIPAA violation if this staffer was not involved in your care or had other valid reasons to access your PHI, like for insurance verification. Report this immediately to the facility risk manager in writing (keep a copy) to document this, and they'll take it from there with mandated reporting to OCR, etc.

IMHO: Report it immediately.