Privacy rules don't save patients from exposure

Published

Specializes in retired from healthcare.

When I was studying, I was amazed to find out that the privacy laws don't set limits on loud talking between health workers in a crowded room. The privacy rule, "is not a strict one."

I was deeply disturbed at work when the charge nurse would ask me for report right at the nurses counter in front of any visitor or outsider who happened to walk by.

I was too shy to argue or confront them about this, ie. Could we carry this discussion to the other room where people can't listen in?

I was even more disturbed to find out that if I close the door to a patient's room to talk with them about which diaper they should use or any similar thing, this made me stand out from my co-workers and two co-workers demanded that I leave the door open, even when closing it calmed my patient down.

The law also allows nurses to share private patient information with abusive family members, even if they are a wide-open gossip and routinely spread rumors about the patient all over town :uhoh21: (a true-to-life case scenario)

This law applies, even when a family member's abuses of the patient include rape and even when they are literally driving them insane.

A patient's parents, siblings, and children can get private health information about them even when they are not qualified to have it and even if they don't have any genuine concern for the patient and only want to control them or make a spectacle out of them.

When you add to this that there are some ignronant nurses who strictly follow the legal guidelines

with no recognition that this is a threat to their patient and some relatives who are convincing liars,

I guess hospitals are not always a safe place to be.

Even a patient who can speak for themselves can't always convince their caregivers to save their faces.

Specializes in Critical Care.

Sounds like a problem that may be specific to your unit or hospital? On my unit, we do beside report, in the room, with the door closed. Or if something is talked about at the station, then most of us keep our voices low and we aren't using patient identifiers.

As for the door being closed, I always close the door when I'm in the room. Do your co-workers suggest you leave the door open when bathing a patient??? When I leave the room, I do keep the door open a little. But this is done as a falls prevention strategy.

Specializes in chemical dependency detox/psych.

You keep referring to "the law." Yes, there are laws to protect patients: HIPAA, mandated reporting laws in cases of rape, and others. You gave cases that information was given to family members that did not have a legal right to it. If your unit disregards these standards, and you went along with it, it sounds to me like you are just as complicit in their disregard as your co-workers. Saying that you are too shy to stand up for yourself and your patients sounds pretty weak to me, as it also would to any board of nursing or other regulatory agency. Yes, sometimes patients give releases of information to family members that don't "deserve" it, but you can't fix everyone and their dysfunctional families.

Here is an incident I observed just very recently, last week in fact.

I had to take my mother to a hospital in the capital city of my state, for a CT scan. While I was waiting in the x-ray waiting area for her, a worker....I assumed it was an x-ray tech, came out to talk to a man in the same waiting area.

She called out his name, so I knew who he was, she checked his name band, and the man and the person with him had some questions, so she went back to get the answer from someone else and came back. I overheard that the man was having a BE.

So right there in that waiting area I overheard quite a bit of confidential information that I should NOT have heard.

I didn't hear it intentionally......but I was sitting right there....I couldn't help but over hear it.

I didn't do anything about it......I have already forgotten what the man's name was by now, so I wouldn't be able to provide enough information now for them to figure out who the patient was and who the tech was....I guess I should have done something then, it's too late now, but I was there for my mother and was thinking about her situation and not someone else's.

Anyway, my point is, you never know where or when your privacy is going to be violated. That worker COULD have been in serious trouble if I had done what I should have done that day.

I know the day and the time frame, but I don't know if that would be enough. If some of you more experienced on here, think it might be enough I could write a letter to that hospital and tell them what I overheard. Or does the complaint have to come from the patient?

Or just leave it alond? The girl could lose her job.

Specializes in Cardiac, ER.

Saiderap,

I'm not sure where you work, but it appears that there is a misconception about the "law". Family members have absolutely no "right" to protected health information about a pt unless they are POA, legal guardian or the pt has given permission for you to disclose information.

Family members are often very angry at staff when they phone, say they are Mr Jones's sister and I explain that all I can tell them is that yes Mr Jones is here and he is in stable condition. I try to transfer these calls to the pt or a visiting family member but when that isn't possible that's all the information they get!

Specializes in ER.

Privacy laws say specifically that incidental disclosures, like when someone overhears another conversation, are not situations they will take action on.

Specializes in M/S, MICU, CVICU, SICU, ER, Trauma, NICU.

Privacy laws protect the patients' information OUTSIDE of the healthcare setting, otherwise, all information given at bedside on in the arena of "healthcare"...is not considered HIPAA violation--at least that is what RISK tells us...do I believe it? Not so sure.

HIPAA doesn't really pertain to many health care situations. It is emphasized because we live in an electronic age where access to just about any informaton can easily be obtained or transmitted with just a key stroke.

However, state privacy laws can get very specific on a broad range of topics to include who has control over a person's medical records and information if a person is deceased or incapacitated. The state determines the definition of a minor and their privacy rights. It determines issues about birth control or abortion and who has a right to know. The state can also exceed penalties such as for those considered to be HIPAA violations or other privacy breeches such as what California has established. HIV and STD laws also vary by each state which determine who needs to know or be notified. The same for state Public Health laws when it comes to TB and other serious infectious diseases.

The hospital can also set their own privacy rules such as who can talk to the media and who is present for report or rounds.

Specializes in CCU, SICU, CVSICU, Precepting & Teaching.
here is an incident i observed just very recently, last week in fact.

i had to take my mother to a hospital in the capital city of my state, for a ct scan. while i was waiting in the x-ray waiting area for her, a worker....i assumed it was an x-ray tech, came out to talk to a man in the same waiting area.

she called out his name, so i knew who he was, she checked his name band, and the man and the person with him had some questions, so she went back to get the answer from someone else and came back. i overheard that the man was having a be.

so right there in that waiting area i overheard quite a bit of confidential information that i should not have heard.

i didn't hear it intentionally......but i was sitting right there....i couldn't help but over hear it.

i didn't do anything about it......i have already forgotten what the man's name was by now, so i wouldn't be able to provide enough information now for them to figure out who the patient was and who the tech was....i guess i should have done something then, it's too late now, but i was there for my mother and was thinking about her situation and not someone else's.

anyway, my point is, you never know where or when your privacy is going to be violated. that worker could have been in serious trouble if i had done what i should have done that day.

i know the day and the time frame, but i don't know if that would be enough. if some of you more experienced on here, think it might be enough i could write a letter to that hospital and tell them what i overheard. or does the complaint have to come from the patient?

or just leave it alond? the girl could lose her job.

that sounds like an incidental exposure to information -- an overheard conversation. hipaa requires that we be as discreet as possible, but sometimes incidental exposures just cannot be avoided. sounds as if that was one of those times. if the patient or his family member had questions and asked them in the busy waiting room, i would have answered as quietly as possible, but you still might have overheard. the tech couldn't help it if your listening to another conversation "caused you" to think of someone else's situation rather than your mother's. i doubt if she'd lose her job if you had reported her, but i don't understand why you would want to do that.

It's my understanding that the initial intent of HIPAA was mostly about protecting patient information in electronic medical records. Prior to EMRs, a person would have to physically get hold of a chart, open it up, flip through it and make copies to gather private health information. With current EMRs, that same information can possibly be viewed on any computer around the globe. My understanding is that the impetus of the new health information privacy legislation was to clarify that electronically held health information was subject to the same privacy rights and legal protections as the health information on paper records in a physical medical record.

I'm by no means an expert on this, though! If someone knows better, I'd love to learn!

http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html

...but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.

This act is even more interesting:

Patient Safety and Quality Improvement Act of 2005 (PSQIA)

that sounds like an incidental exposure to information -- an overheard conversation. hipaa requires that we be as discreet as possible, but sometimes incidental exposures just cannot be avoided. sounds as if that was one of those times. if the patient or his family member had questions and asked them in the busy waiting room, i would have answered as quietly as possible, but you still might have overheard. the tech couldn't help it if your listening to another conversation "caused you" to think of someone else's situation rather than your mother's. i doubt if she'd lose her job if you had reported her, but i don't understand why you would want to do that.

thanks for your reply, but i never said i wanted to make her lose her job.

i was just trying to figure out if it was really something that might need be brought to the hospital administrations attention of a possible privacy breech.

my only thoughts were towards the importance of the patient's privacy.

with all the new rules about hipaa it's just something that everyone has to really think about what they're doing and where and when. that's all.

your insinuation that i would want to make the girl lose her job is one main reason i seldom post on this board. and i don't understand from where in my original post how you came up with that assumption.

anyway, thanks for your input.

+ Join the Discussion