Jump to content

Possible Accidental HIPAA Violation

Updated | Posted
by kaliandr kaliandr (New) New Nurse Student

Has 1 years experience.

hipaa-violation.jpg.be6893bb2055fa8b50063c53b8676fe5.jpg

I'm a brand new nurse (>1 year) and I work in an urgent care clinic. This woman came in and said her mother was just here and tested positive for covid and she started describing her to me and then without thinking, I replied back "I had a feeling because of the no taste and smell." Her mother also happens to be a nurse and now I'm really panicking about losing my license or getting fired. Has anything like this happened to any of you? What was th outcome?

Slow down. Take a deep breath. This is a small and accidental HIPAA violation. It's not a terminal offense, or something you'd lose licensure over. Really. It's the sort of thing you do as a new grad, which freaks you out and makes you pay better attention in the future. We've all been there. 

It's bothering you, so I recommend you let your supervisor know, or your company's HIPAA compliance officer (whomever you have a better relationship with). Tell them you're aware you made a mistake, and is there anything else they need from you to make it right? 

I imagine the worst they will do is assign you HIPAA remediation training. You'll be fine. 

 

Doubtful any need to panic.

Think of ways to be conversational without saying anything in particular for situations like this. There are lots of comments. You can't talk about other patients' situations--I know you know this, but if you want to not have random slip-ups then develop a plan how you will respond next time. I usually just make neutral statements to show I am listening ("Oh, wow..." or "well I hope s/he feels better soon..." etc. etc), then redirect back to the matter at hand.  If people ask you directly if you know of someone else's situation just tell them point blank that you can't comment on other patients' care.

 

46 minutes ago, RN&run said:

It's bothering you, so I recommend you let your supervisor know, or your company's HIPAA compliance officer (whomever you have a better relationship with). Tell them you're aware you made a mistake, and is there anything else they need from you to make it right? 

Not picking on this poster, but I strongly advise you NOT do ^ this. The H police are people who have nothing important to fill up their days unless they are working on the investigation of a crime they've managed to find out about.  The worst they can do is make a big stinking deal out of it.

 

NRSKarenRN, BSN, RN

Specializes in Vents, Telemetry, Home Care, Home infusion. Has 44 years experience.

This is an minor accidental HIPAA issue that you've learned from --- no need to report .  "Thank you for the information" is a response that covers variety situations and acknowledges speaker's concern while not confirming a person was a patient nor stating you will do something with the info.

Nursing license sanctions re  HIPAA are for SERIOUS breeches: looking up famous persons ED visit in EMR, spreading gossip from reviewing medical test results, especially when not your assigned client, placing patient HIPAA info on social media, Improper disposal of PHI – Discarding protected health information with regular trash, --- these will get you terminated and depending on employer, reported to BON.  Placing patients PHI on internet, taking photos of patients in embarrassing or degrading situations or even recording abuse of patients then posting on social media, will result in termination AND being reported to BON.
What Happens if a Nurse Violates HIPAA?

Quote

Examples of HIPAA Violations by Nurses

  • Accessing the PHI of patients you are not required to treat
  • Gossiping – Talking about specific patients and disclosing their health information to family, friends & colleagues
  • Disclosing PHI to anyone not authorized to receive the information
  • Taking PHI to a new employer
  • Theft of PHI for personal gain
  • Use of PHI to cause harm
  • Improper disposal of PHI – Discarding protected health information with regular trash
  • Leaving PHI in a location where it can be accessed by unauthorized individuals
  • Disclosing excessive PHI and violating the HIPAA minimum necessary standard
  • Using the credentials of another employee to access EMRs/Sharing login credentials
  • Sharing PHI on social media networks (See below)

 

MunoRN, RN

Specializes in Critical Care. Has 10 years experience.

As a HIPAA question this is kind of interesting but I don't think there's any basis to claim it's a HIPAA violation.  

The only information you revealed was not specific to any specific medical condition.  At most, the symptoms you acknowledged could have been suspicious for a potential Covid diagnosis, but since you only acknowledged those symptoms to someone already aware of the patient's Covid diagnosis you did reveal any specific medical condition, so no HIPAA violation occurred.   

klone, MSN, RN

Specializes in OB-Gyn/Primary Care/Ambulatory Leadership. Has 15 years experience.

> is "more than"