I messed up

Published

UPDATE: Changes: New Log In Requirement

I messed up, but to what extent I not sure. Yesterday I had a job shadow at my hospital that I work at but on a different unit. One of my main questions was the charting requirements (very different areas of nursing, very different requirements). The person I was with had me log in and showed me how to navigate the 'brain' part of EPIC, as well as how to find the patients that we were assigned/make your patient list.

 

Everything was going fine and I was observing the day to day flow of the unit but then towards the end it dawned on me that I probably should not have been logged in earlier since I was not technically on the clock that day. I immediately expressed my concern to the nurse that I was with and they reassured me that it would be OK since it was for educational purposes. They basically explained that I was going to know the patient information regardless (because I could see their computer clear as day and they were showing me everything). For what its worth, I did not complete any actual charting, they just showed me how to navigate the screen and find the patients. Despite their reassurance, I logged out as soon as it dawned on me that I was off the clock.

 

I am freaking out about this now, worried I am going to get in trouble for a HIPAA violation. I left a message with the compliance department but have yet to hear back. I want to take accountability and self-report this as it was a genuine mistake and I am worried that the computer will flag it or something. I feel like an idiot and should have known better. I have been at institutions prior where I have seen coworkers paid for shadowing in other departments so this may have been partially why it slipped my mind so easily. I am so anxious as I wait to hear back. How screwed am I? I take my job seriously and uphold HIPAA in every way which is partially why I am so nervous regarding this mistake.

1
Up Vote Up Vote ×
Specializes in Med-Surg, Developmental Disorders.

You did everything right. You only accessed the charts as necessary for your shadowing. And you messaged the compliance department so people will understand why you were in the chart if this is noticed and someone questions it. There's no logical way you can get in trouble for this. I do wonder why the hospital you work at didn't have you clock in for shadowing/training on another unit.

4
Up Vote Up Vote ×

Agree with comment above. Beyond that I would not go overboard in professing how much (you think) you messed up. You don't need compliance people going scorched earth over something in which the spirit of HIPAA has not been breached. I would take the tack of letting them know why you were in the charts and nothing more. 
 

5
Up Vote Up Vote ×
sideshowstarlet said:

You did everything right. You only accessed the charts as necessary for your shadowing. And you messaged the compliance department so people will understand why you were in the chart if this is noticed and someone questions it. There's no logical way you can get in trouble for this. I do wonder why the hospital you work at didn't have you clock in for shadowing/training on another unit.

Yes agree, that was my question.  You'll be fine about accessing the chart for educational purposes for your job, how else would you know which questions to ask.   Most importantly, how long were your up there shadowing?  Was this a full day's work and why didn't you get paid for this?  

3
Up Vote Up Vote ×
Specializes in ED, Informatics, Clinical Analyst.

As an EHR analyst by trade, I will add that it is always preferable to show someone how to do something logged in as that person. Epic allows tons of customization and different types of users have different workspaces. If I show you how to do something logged in as me, it may not translate. I need to see what you are seeing in order to help you properly.

Up Vote Up Vote ×
Specializes in Emergency Department.

I would say that as long as the shadowing is an approved activity for you to do and you're doing the shadowing as your local program (whatever that may be) says you should be doing it, you're not going to get into trouble for the activity. The fact that you alerted your compliance people about the activity, even after the fact, is at least a means for you to explain you being logged into the network and accessing patient charts "off the clock." You're being shown where certain specific department/unit stuff "lives" in the system and the most accurate way for you to see how it is presented to your account is to see it in a live environment. The data/info doesn't matter... but how to get there does. Of course, you're still held to privacy rules just as if you were on shift and accessing charts. 

Now if the shadowing was informal and not an approved/accepted activity at your facility, then you might have a problem. 

Up Vote Up Vote ×
+ Join the Discussion