Possible Accidental HIPAA Violation

Updated:   Published

hipaa-violation.jpg.be6893bb2055fa8b50063c53b8676fe5.jpg

I'm a brand new nurse (>1 year) and I work in an urgent care clinic. This woman came in and said her mother was just here and tested positive for covid and she started describing her to me and then without thinking, I replied back "I had a feeling because of the no taste and smell." Her mother also happens to be a nurse and now I'm really panicking about losing my license or getting fired. Has anything like this happened to any of you? What was th outcome?

1
Up Vote Up Vote ×

Slow down. Take a deep breath. This is a small and accidental HIPAA violation. It's not a terminal offense, or something you'd lose licensure over. Really. It's the sort of thing you do as a new grad, which freaks you out and makes you pay better attention in the future. We've all been there. 

It's bothering you, so I recommend you let your supervisor know, or your company's HIPAA compliance officer (whomever you have a better relationship with). Tell them you're aware you made a mistake, and is there anything else they need from you to make it right? 

I imagine the worst they will do is assign you HIPAA remediation training. You'll be fine. 

 

3
Up Vote Up Vote ×

Doubtful any need to panic.

Think of ways to be conversational without saying anything in particular for situations like this. There are lots of comments. You can't talk about other patients' situations--I know you know this, but if you want to not have random slip-ups then develop a plan how you will respond next time. I usually just make neutral statements to show I am listening ("Oh, wow..." or "well I hope s/he feels better soon..." etc. etc), then redirect back to the matter at hand.  If people ask you directly if you know of someone else's situation just tell them point blank that you can't comment on other patients' care.

 

46 minutes ago, RN&run said:

It's bothering you, so I recommend you let your supervisor know, or your company's HIPAA compliance officer (whomever you have a better relationship with). Tell them you're aware you made a mistake, and is there anything else they need from you to make it right? 

Not picking on this poster, but I strongly advise you NOT do ^ this. The H police are people who have nothing important to fill up their days unless they are working on the investigation of a crime they've managed to find out about.  The worst they can do is make a big stinking deal out of it.

 

5
Up Vote Up Vote ×
Specializes in Vents, Telemetry, Home Care, Home infusion.

This is an minor accidental HIPAA issue that you've learned from --- no need to report .  "Thank you for the information" is a response that covers variety situations and acknowledges speaker's concern while not confirming a person was a patient nor stating you will do something with the info.

Nursing license sanctions re  HIPAA are for SERIOUS breeches: looking up famous persons ED visit in EMR, spreading gossip from reviewing medical test results, especially when not your assigned client, placing patient HIPAA info on social media, Improper disposal of PHI – Discarding protected health information with regular trash, --- these will get you terminated and depending on employer, reported to BON.  Placing patients PHI on internet, taking photos of patients in embarrassing or degrading situations or even recording abuse of patients then posting on social media, will result in termination AND being reported to BON.
What Happens if a Nurse Violates HIPAA?

Quote

Examples of HIPAA Violations by Nurses

  • Accessing the PHI of patients you are not required to treat
  • Gossiping – Talking about specific patients and disclosing their health information to family, friends & colleagues
  • Disclosing PHI to anyone not authorized to receive the information
  • Taking PHI to a new employer
  • Theft of PHI for personal gain
  • Use of PHI to cause harm
  • Improper disposal of PHI – Discarding protected health information with regular trash
  • Leaving PHI in a location where it can be accessed by unauthorized individuals
  • Disclosing excessive PHI and violating the HIPAA minimum necessary standard
  • Using the credentials of another employee to access EMRs/Sharing login credentials
  • Sharing PHI on social media networks (See below)

 

4
Up Vote Up Vote ×
Specializes in Critical Care.

As a HIPAA question this is kind of interesting but I don't think there's any basis to claim it's a HIPAA violation.  

The only information you revealed was not specific to any specific medical condition.  At most, the symptoms you acknowledged could have been suspicious for a potential Covid diagnosis, but since you only acknowledged those symptoms to someone already aware of the patient's Covid diagnosis you did reveal any specific medical condition, so no HIPAA violation occurred.   

7
Up Vote Up Vote ×
Specializes in Nurse Leader specializing in Labor & Delivery.

> is "more than"

6
Up Vote Up Vote ×
On 6/10/2021 at 11:26 PM, RN&run said:

Slow down. Take a deep breath. This is a small and accidental HIPAA violation. It's not a terminal offense, or something you'd lose licensure over. Really. It's the sort of thing you do as a new grad, which freaks you out and makes you pay better attention in the future. We've all been there. 

It's bothering you, so I recommend you let your supervisor know, or your company's HIPAA compliance officer (whomever you have a better relationship with). Tell them you're aware you made a mistake, and is there anything else they need from you to make it right? 

I imagine the worst they will do is assign you HIPAA remediation training. You'll be fine. 

 

I would be hesitant on telling on yourself. HIPAA is a dirty word in medicine so be careful about how you end up approaching your supervisor. If you make another mistake after you already told your supervisor, they can deem you as a risk. 

1
Up Vote Up Vote ×

I agree with the post saying not to report it.  It was a brief slip of the tongue.  You have acknowledged to yourself it was wrong to mention any information about a patient to her.  As I call them the HIPAA police I have found at times blow a minor infractions up into a life changing Major situation because they use it to make examples.  Should you be contacted.  State what happened.  Do not make additional comments other than what you said.  A brief slip of the tongue.  At my last job, as I am retired.  I worked in an area where we were asked about high profile patients a lot. We had to sign Confidentially Agreements that listed a stiff penalty and a loss of employment if we violated the agreement.   Other staff and my own family wanted to know about patients.  I finally decided to start saying I don't know who you are talking about.  Which they knew I did as I was the only Nurse in the area.  They would ask.  Don't you work there?  Finally, they realized and quit asking knowing I refused to even mention anything about my job when I got home.  It made things a lot easier on me.   And I didn't have to worry about the HIPAA police or being fired. 

Up Vote Up Vote ×
+ Join the Discussion