New Supervisor Violating HIPPA?

Published

Hi all!

Got a new supervisor who we suspect might be violating HIPPA, unintentionally of course.

She's sent out a few emails and texts with "client" (we work in home health) names and personal medical information. However, when stating the names of the clients, she only uses their first initial and last name. But that is not necessary as she could just use their room number.

Not trying to get her in trouble or anything, just curious and would like to know what you guys think. It might be wise to give her a heads up for next time.

Up Vote Up Vote ×
Specializes in ICU/community health/school nursing.

What does your institutional policy say about this?

Up Vote Up Vote ×

If the email server is secured/encrypted it's not a violation. If the texts are coming over a locked company device it also shouldn't be a violation... but that could be different for you as I am in Canada

Up Vote Up Vote ×
Specializes in Complex pedi to LTC/SA & now a manager.

If it's a secured email system or phone it's not a violation. Review company policy

Up Vote Up Vote ×
Specializes in SICU, trauma, neuro.

As long as the device is encrypted it's not a violation.

The reason a room number isn't used is a safety issue: patients sometimes switch rooms.

Up Vote Up Vote ×

If it is email on an internal server, or, like others have said, encrypted if the email is going to an external server, then it is not a HIPAA violation. I'd be a little more concerned about texting personal health information, but it doesn't necessarily mean that she's committed a HIPAA violation so far. There should be policies in place within your organization that outline what procedures are in place to maintain HIPAA compliance. I would recommend reviewing and familiarizing yourself with them, especially around social media, which can be quite confusing sometimes.

Up Vote Up Vote ×
Specializes in Oncology; medical specialty website.

Why not just ask her directly? ("Hey, Ms. Supervisor, we were wondering if we're still in compliance with HIPAA when we share pt information using the pt's first initial, last name, and PHI. Would you please clarify?)

Up Vote Up Vote ×
+ Join the Discussion