Is this a HIPAA violation?


My hospital uses Epic (I'm fairly new to it). I have searched my name before and it flagged me. When I explained I was simply searching my name (out of boredom, and to see if I was even in Epic's system) and not actively in the chart, the problem was pretty much let go. So my question is, does it violate HIPAA to search a name if you're not double clicking into the chart and accessing it? I've known nurses to do that just to see if (for example) one of the patients we transferred was now deceased. Still, without actually accessing the chart. 

15 Answers

Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.

OK. HIPAA violations are ruled on by the OCR (Federal Office of Civil Rights) in response to a complaint. The violation, if any, would be penalized to the institution, not the individual, because the institution is responsible for maintaining confidentiality in its handling of all PHI (personal health information) and seeing that all its employees know how to do that.

In answer to your question, yes, just accessing a name (without going further) counts, because it confirms that the person did receive some kind of health service to warrant being in the database. That's enough to constitute a disclosure. So no, not OK to look up a name even if only to see if the pt is deceased; this would count as a HIPAA violation (albeit a smallish one).

In this case, who is complaining that their personal health information was inappropriately accessed? You? Did you report yourself to OCR?

Even so, most facilities prohibit even looking up your own record for reasons unrelated to HIPAA proper; people tend to lump it all together, though, which isn't strictly accurate.

 

Specializes in retired LTC.

I wonder if, every morning at shift start, some facility HIPAA staffer has to run an audit of all chart entries in the last 24 hrs or so. Just to review if all the entries were legitimately permitted. Like OP's entry might have come up 'flagged'.

It's such a shame that HIPAA has become such the monster that it has. But the underlying reason is to protect information for all. So it is imperative for all employees to KEEP OUT of chart records unless for some real legit reason.

'Curiosity is what killed the cat'.

OP - I hope nothing serious comes out of this search for you.

And welcome to AN.

On 3/26/2021 at 7:04 PM, guest0000005 said:

My hospital uses Epic (I’m fairly new to it). I have searched my name before and it flagged me. When I explained I was simply searching my name (out of boredom, and to see if I was even in Epic’s system) and not actively in the chart, the problem was pretty much let go. So my question is, does it violate HIPAA to search a name if you’re not double clicking into the chart and accessing it? I’ve known nurses to do that just to see if (for example) one of the patients we transferred was now deceased. Still, without actually accessing the chart. 

The bottom line is that about the time you are asking whether something is a HIPAA violation, you should understand that there's a good chance it's a violation of your facility's privacy practices or various policies or is just bad optics. So don't do it.

Boredom and curiosity are both very bad reasons to be messing around in the EMR platform.

This is really simple: Do your job and forget the rest.

Specializes in OB.

At our hospital we're allowed to look at our test results but not allowed to print them. We're also allowed to look at minor children (under age 13 I think), but not spouses or older children. We also have MyChart, where you can access all of your labs & tests.

Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.

HIPAA is actually fairly short and absurdly clear for a governmental document. Suggest you go to OCR.gov and download it, and tack up a copy on the board and forward it to everybody’s email. That should, ahem, help everyone to ummm, understand it more clearly. 

Specializes in Psychiatric, in school for PMHNP..

I was working at a hospital when they changed over to EPIC.  During the extensive training they warned us repeatedly to never search our own name because that would automatically generate a violation report.  I was glad I was there when they began with EPIC because we did get great training.  Basically, the rule was only search for the patients currently under your care.

Might not technically be a HIPAA violation but could violate your employer’s privacy rules. At my orientation (we use Epic also) we were told to NEVER access our chart or any immediate family member as that is an immediate firing offense. Some places consider the fact that you have an account created in Epic to be too much info because it means you’re a pt with that facility. In fact, I had a coworker get fired for checking her dad’s lab results even though he’s a pt with our practice; she should have had a coworker look. 

Specializes in nursing ethics.

My guess is that medical secretaries/receptionists have access to much information on everyone and can easily access it at some clinics. In detail. Sometimes the faxed orders are seen and other papers too. I think this is ubiquitous. Speaking as a patient.

In my hospital, the medical records office did not know how to serve me when I asked to see my own record. Like it was too secret even for me.

Specializes in Emergency Nursing, Pediatrics.

I remember being taught in nursing school that it is most definitely against HIPAA to look up your own name.

Specializes in Physiology, CM, consulting, nsg edu, LNC, COB.
LeChien said:

I remember being taught in nursing school that it is most definitely against HIPAA to look up your own name.

A common misconception. It's usually a violation of an institutional rule against accessing their proprietary EHR without a bona fide business reason to do so. So many people misunderstand HIPAA that this got folded into their mythology.

Specializes in Community health.

My facility sends the most absurd emails and they usually include the line “due to HIPPA” (and yes, that spelling is often included and that’s when you realize the author doesn’t even know what HIPAA contains). It has become a way for a facility to police behavior - they just announce that something is “due to HIPAA” and they know everyone will accept it.

On 3/30/2021 at 7:09 PM, CommunityRNBSN said:

“due to HIPAA”

LOL. We probably couldn't have water at the nurse's station because of HIPAA. Wait, that was Jake-o. Or, um, OSHA. Maybe the fire marshal.

Who knows. It was somebody though. Somebody said it.

 

Or....not.
