Student HIPAA violation question

Nurses HIPAA

Published

  1. Should I be pulled from my site?

13 members have participated

In my externship at a large clinic. I needed to have my immunizations up-to-date. I was told my MMR was not and could not be found anywhere in the registry. I had my blood drawn at another clinic to see if I was immune. They called and said I was immune to Measles and Mumps, but not Rubella. I got two phone calls from the clinic and one stated my partial immunity and the other wanting me to call the clinic back. I did not know why. By this time, the clinic was closed for the day.

The next day I looked up my own chart at my externship site to see what it said. I needed to get the information to my school so they had it on file or I knew I could be pulled from my externship site.

If I was indeed immune to Rubella, I knew I didn't need to get any further testing or blood draws, as I had an appt. made for an MMR injection with my pcp that same day. I would then just need to request a copy of it for my school.

It said I was not immune so I figured I needed the MMR injection. I did not look around in the chart for anything else. Just to find out this information, nor did I share the information with anyone or share anyone else's I have access to. I did not know I should not have looked up my own. I mentioned to my pcp's CMA at the injection appt. (this was after I had looked in the chart earlier that day) that I could just look up the info myself once my results were in and she said, "No. Don't ever do that!" I am scared the clinic will file a complaint and I will be fined. Is this a violation if I didn't know?

I have a sinking feeling I will be looking for a new degree. Is this violation something that will keep me from getting hired anywhere in the medical field now? Help. I feel like I have let myself down and my whole family down. All that schooling was for nothing if I get pulled and don't get the degree. Not to mention, will still have to pay for it.

Specializes in Med/surg, Quality & Risk.
It is a HIPAA violation (in some facilities) to look up your own records, you have a right to your medical records but you do not own them; it sure if that would keep you from getting a job though

HIPAA is HIPAA. The act of looking at one's own records is either a federal law violation or it isn't. (It isn't.) HIPAA has ZERO requirements that are "facility by facility." The point is, that people use "HIPAA violation" as some kind of catchall when it's not. If it's a violation of FACILITY POLICY then fine, but they should stop throwing HIPAA out there like it's some kind of threat for looking at your own records because it's not.

Up Vote Up Vote ×

Why r u impersonating being an RN? One can't easily fake that. A nurse knows when they r speaking with another nurse.

Up Vote Up Vote ×
It is a HIPAA violation (in some facilities) to look up your own records, you have a right to your medical records but you do not own them; it sure if that would keep you from getting a job though

Facilities don't have an option as to how to implement HIPAA. It is a Federal thing. "HIPAA" is not some sort of shorthand for "the way we want to manage our medical records here," it's a very specific set of instructions with a very specific set of penalties for violations, set out at the Office of Civil Rights (OCR) website.

I don't know how many ways we can say, "This is not a HIPAA violation, it's only a hospital rule violation," but I've run out. :sarcastic:

Up Vote Up Vote ×
Specializes in Pedi.
It is a HIPAA violation (in some facilities) to look up your own records, you have a right to your medical records but you do not own them; it sure if that would keep you from getting a job though

How can something be a HIPAA violation "in some facilities"? HIPAA is not facility specific, it's a federal law. The HIPAA I am bound to abide by in Massachusetts is the same HIPAA that a nurse in Oklahoma or Alaska is bound to abide by.

Up Vote Up Vote ×

Did you consent to you viewing your medical record?

:roflmao:

Up Vote Up Vote ×

I read this article. As one of my favorite lines from The Princess Bride states, "I don' think that means what you think it means." :)

It is not about HIPAA forbidding you to read your own records (because HIPAA doesn't do that). It's legal opinion advising covered entities to sure that their record-keeping protocols are HIPAA-compliant, in that records are not easily accessible without going through protocols to document access. It says that if you ask staff and discover that some of them are accessing their own records, it is a red flag that the system is not as secure as it ought to be and could invite audit to see that practices are HIPAA-compliant. It does NOT say that staff accessing their own records is a HIPAA violation.

Here's the text from that blog post:

For those of you working in medical practices, your own medical record is sometimes only a few clicks or a few steps away. But be careful. Easy access shouldn’t translate to open access.

“Under HIPAA everybody is supposed to have access only to the minimal necessary to do their job,” Practice Notes blogger and Illinois-based attorney Ericka L. Adler told Physicians Practice. “You’re not your own doctor obviously, so just because you work somewhere doesn’t mean you should be able to access your own medical records.”

In addition, while every patient has a right to his or her own record, that doesn’t mean any patient (including a practice employee or physician) should bypass the HIPAA patient record-related protocols that should be in place at all practices, Steven Kabler, an attorney at Denver-based Jones & Keller told Physicians Practice.

“What happens is under HIPAA there are a number of regulations that deal with the security of medical records,” he said. For instance, covered entities must ensure the confidentiality of all health information they receive, and they must enact procedures and policies to keep that information secure.

“To protect the integrity of the medical records and to protect the confidentiality, a healthcare provider should go through the procedures that a patient would go through in order to access their record,” said Kabler.

At a minimum, Kabler recommends these procedures include a requirement that all patients (even those who work at the practice) either sign a release or submit a written request for their records when they wish to view them. That way, providers can document who has viewed the records and what they have viewed.

Even in smaller practices where the atmosphere is open and laid back, it’s important that staff members and physicians follow strict guidelines when it comes to accessing their own records, said Adler. “There’s a slippery slope [toward HIPAA violations] and right now they’re really enforcing HIPAA, and these are the kinds of things that get practices into trouble.”

For instance, if a staff member can easily access any records, including her own, that means the necessary HIPAA procedures are not adhered to at the practice, said Adler. “It’s getting more and more likely a practice could be audited for its HIPAA practices and policies,” she said, noting that compliance is key.

Other HIPAA-related problems could arise if staff members are questioned about HIPAA policies and it comes to light that they are able to look at their own records. It “invites scrutiny,” said Adler, noting that an employee looking up his own medical record, “may not necessarily be the initial reason for a HIPAA audit/investigation, but could lead to problems.”

Beyond HIPAA violations, when staff members or physicians freely access their own records it raises other issues. For instance, an employee or physician who views his record might alter it. Or, if the physician who is treating the employee knows the employee is freely accessing his own record, the physician may have difficulty providing an honest assessment of the employee (patient) in the record, said Adler.

Kabler advises practices specifically address this issue with staff members, noting that HIPAA requires covered entities to make staff members aware of record procedures.

“It always makes sense to have that [employees and physicians not having open access to their own records] as a written policy,” he said. “You absolutely need to make staff and employees aware of it.”

- See more at: HIPAA Compliance: Access to Practice Staff Medical Records | Physicians Practice

Up Vote Up Vote ×
Specializes in Critical Care, ED, Cath lab, CTPAC,Trauma.

The link above is a great resource and is an interesting article....the site requires registration but it is free!!!! This article addresses private practices which are similar to large facilities in requirements have slight variations is compliance.

f a staff member can easily access any records, including her own, that means the necessary HIPAA procedures are not adhered to at the practice, said Adler. “It’s getting more and more likely a practice could be audited for its HIPAA practices and policies,” she said, noting that compliance is key.

Other HIPAA-related problems could arise if staff members are questioned about HIPAA policies and it comes to light that they are able to look at their own records. It “invites scrutiny,” said Adler, noting that an employee looking up his own medical record, “may not necessarily be the initial reason for a HIPAA audit/investigation, but could lead to problems.”

.

Kabler advises practices specifically address this issue with staff members, noting that HIPAA requires covered entities to make staff members aware of record procedures.

It always makes sense to have that [employees and physicians not having open access to their own records] as a written policy,” he said. “You absolutely need to make staff and employees aware of it.”

You may view your own record according to HIPAA......not making an employee adhere to the same principles as everyone else to gain access conveys a lack of compliance/control and brings the practice under scrutiny and ethical accuracy.

Up Vote Up Vote ×
+ Add a Comment