Lost job over HIPAA violation

Published

I was terminated from my job for a HIPAA violation. Basically I looked in the chat of a patient that a CPR was called overhead for as I worked in ICU and was up for admission so it was likely this patient would come to me. This is something I have seen many others do as well. After the pt did not come to my unit I re opened the chart just to see what the outcome had been (stupid move on my part I know, and I guess in my mind I figured I had already been in the chart once so what did it matter?) Anyways the patient did not survive and it ended up becoming a sentinel event. The hospital of course audited this patients chart and began investigating anyone who accessed the chart (myself included). I knew they were meeting yesterday and was a wreck at work all day. After my shift, I was called to go to HR where they terminated my employment for violation of HIPAA regulations. My previous employer said they would not disclose that information to potential future employers, but that they were required to report it to the State Board. What can I expect to happen? This is my first offense, and I have a spotless license up until now. Will I lose my license over this? Is it even worth it to start looking for jobs right away? I am physically sick over this whole situation, I have not been able to eat in 2 days, and now I cannot stop crying.

Please no criticism, I have been beating myself up over this enough. I know what I did was wrong and stupid and I deserve what happened. I just need to know where I go from here.

Specializes in Psych (25 years), Medical (15 years).
3 hours ago, JKL33 said:

Let's be real - the fact that there was a sentinel event associated with the case in question is not coincidental to the handling of this nurse.

True, access was not necessary, but the information seen was not breached, like if it was leaked to public media. A slap on the wrist seems more appropriate.

Case in point: An ancillary employee at Wrongway coded and died on the medical side. The patient's info was accessed by some nurses from geriatric psych, one being an interim supervisor.

Wrongway administration handed out slaps on the wrists and made it to where the psych division of Wrongway cannot access info from the medical side.

Don't throw the baby out with the bathwater.

1
Up Vote Up Vote ×
5 hours ago, Davey Do said:

Yeah, this is way outside of my realm of understanding.

I access potential patients medical info all the time for continuity of care and in order to streamline the admission process.

In my way of thinking which I take full responsibility for, a lot of this HIPAA stuff sucks rocks.

I am behind patient confidentiality 100% but if healthcare workers are being terminated for just accessing a potential patient's chart, then I'm through with this BS. I am really sorry this happened to you, MInurse.

It seems the HIPAA philosophy is interpreted as, "If there is a potential to breach confidentiality, then confidentiality is breached" like if you own a handgun, then you are a murderer.

Sheesh!

I'm absolutely with Davey on this one! As nurses, we are taught the importance of continuity of care and the free exchange of relevant information among caregivers. If enforced, this reductionist interpretation will effectively tie the hands of those proactive few who dare to 'think outside the box' to deliver better patient care. Sheesh is right!

3
Up Vote Up Vote ×
On 2/26/2019 at 10:46 PM, JadedCPN said:

Please help me understand this logic? Why should the hospital be held accountable for allowing a nurse to access a patient's chart?

The hospital is responsible for the patient. The nurse is just the worker. I couldn't care less about people's charts. But I need information so I can complete my job. They admitted the patient. If you screw the nurse, how are they to get any work done? I have to say again since there is a lack of understanding, I couldn't care less about people's charts.

Up Vote Up Vote ×
1 hour ago, fibroblast said:

The hospital is responsible for the patient. The nurse is just the worker. I couldn't care less about people's charts. But I need information so I can complete my job. They admitted the patient. If you screw the nurse, how are they to get any work done? I have to say again since there is a lack of understanding, I couldn't care less about people's charts.

I agree, however, HIPAA violations occur because a few individuals access protected information when it is not necessary for them to effectively do their jobs. I too have no desire to peek into neighbors', family's, friends', community members'.....charts, but some people lack discretion and let curiosity get the better of them. That said, there are also some situations, (such as the one described by the OP), in which nurses, while being proactive, attempt to legitimately gather info. and enter into 'gray areas' of HIPAA.

1
Up Vote Up Vote ×
Specializes in CCU, SICU, CVSICU, Precepting & Teaching.

Where I work, we're in patients charts before they come to our unit regularly. While they are in the OR, we "set up" the electronic chart with the drips they're on, the vent settings we anticipate, the treatments they're likely to require -- dressing changes, etc. It takes so freaking long to set up the electronic chart that if we waited until they got to the unit, we wouldn't be able to chart their admission vital signs, drip rates, etc. for half an hour or more. So yes, we're charting on patients we don't even have yet.

I think the problem is that this became a sentinel event, and they were looking particularly closely at this chart. I hope the OP was given an opportunity to explain why she accessed the chart in the first place.

3
Up Vote Up Vote ×

From my experience, in situations where someone is fired over a technicality, they were looking for a reason to fire the person. Usually political.

1
Up Vote Up Vote ×

I think it was the second “look-see” that did the OP in. The first could easily be seen as continuity of care since she was next up for getting an admission. The second one appears more out of curiosity and since this was a sentinel event the boundaries were a lot tighter. What a distressing situation.

8
Up Vote Up Vote ×
Specializes in Hospice, corrections, psychiatry, rehab, LTC.
On ‎2‎/‎27‎/‎2019 at 5:04 AM, klone said:

It likely wasn't the first access that got you in trouble. It was the second access, due to idle curiosity about the patient's outcome. At that point, you knew you were not going to be getting the patient, so there was no "need to know."

IMO this is a critical point. One thing that puzzles me, though, is what specific occurrence during this whole situation caused the hospital to research who had accessed the record in the first place.

In my state, if this were to happen to me, my BON would likely give me additional CEUs to finish that involve confidentiality of records.

Up Vote Up Vote ×
Specializes in Critical Care; Cardiac; Professional Development.
On ‎2‎/‎27‎/‎2019 at 8:14 AM, JKL33 said:

In the various ways it is leveraged, yes it does.

[Lengthy rant erased!]

Let's be real - the fact that there was a sentinel event associated with the case in question is not coincidental to the handling of this nurse.

Exactly this. Lawyers are going to be crawling all over this patient's chart and likely all over hospital procedures, processes and policies. The hospital has to show it took action on every potential point of incompetence and every point of necessary process improvement.

The first access did not cause this. The second access did. All of privacy is now on a "need to know" basis. The OP didn't need to know this patient's outcome and therefore broke the law. The hospital, being scrutinized itself, was left with no choice but to terminate over it.

3
Up Vote Up Vote ×
Specializes in Critical Care; Cardiac; Professional Development.
9 hours ago, Orca said:

IMO this is a critical point. One thing that puzzles me, though, is what specific occurrence during this whole situation caused the hospital to research who had accessed the record in the first place.

That would be the fact that a sentinel event occurred. The hospital is going to be investigated deeply by CMS, possibly by TJC and likely by the family's lawyers. Therefore the hospital is going to immediately investigate everything to do with this chart so that there are no surprises when discovery actions begin. The first action in that is to view what was and was not looked at by the caretakers of this patient from start to finish while caring for them. In doing that they would see anyone who was in the chart who was NOT a caretaker of this patient. Failure to act on this would lead to an entirely new level of liability on top of an already hairy situation.

2
Up Vote Up Vote ×
2 hours ago, not.done.yet said:

The first access did not cause this. The second access did. All of privacy is now on a "need to know" basis. The OP didn't need to know this patient's outcome and therefore broke the law. The hospital, being scrutinized itself, was left with no choice but to terminate over it.

I'd like to believe that but where I am the first access would have been interpreted as not meeting "need to know" criteria, either (an interpretation we have been told point blank) - but since that kind of (proscribed) access is generally in the interest of patient care and could be said to facilitate care (minimize gaps, etc), no one bothers getting hyped up about it. Unless there is some reason to make everything clean and tidy, such as a sentinel event where the chart will subsequently be scrutinized.

I think nurses could use better information about how these things work. It's like this:

The Privacy People and the Nursing People generally have some legitimate disagreements about what constitutes a "need to know." Nursing people want to facilitate patient care, Privacy people want to prevent liabilities that are based on the most strict interpretations of everything, including the facility's own privacy practices. A nurse may say, "this patient is going to be coming to me in the next half hour; I have a need to know, so that I can be prepared..." and the Privacy people will say, "you are not caring for that patient and have no responsibility to that patient, so you don't have a need to know."

Without trying to proclaim who is right or wrong about all of this, nurses should understand the basic 'situation of disagreement' and should make decisions accordingly.

ETA/clarification: This ^ is not to say that the interpretations of the two groups are are mutually exclusive; they aren't: Nurses want to protect patient privacy and the privacy people aren't looking to actively put up roadblocks to patient care. The focuses of the two groups are different, though.

4
Up Vote Up Vote ×
Specializes in School health, Maternal-Newborn.

Where I work we are reminded regularly that we are not to look at who's in the ER (in the computer)for ANY reason, until they are admitted to our unit and assigned to our care.

This is a kindness because they WILL fire people for it. I was once told that I could theoretically be fired for looking at my own lab results!

Up Vote Up Vote ×
+ Join the Discussion