Published Jun 24, 2019
adn_nursingstudent
1 Post
Hello!
I have never posted on here before so I’m not sure if I’m doing this right. I work at a hospital where it is common that the Nurses and Doctors text back and forth regarding patients. I have always thought this was a HIPAA violation until a nurse pointed out that as long as the information is “de-identified” PHI, HIPAA rules no longer apply. One of my best nursing friends inadvertently text a picture of some lab results for a patient to a to the wrong number. There was no information that could’ve been considered an “identifier” other than the text included the room number of the patient. For example... “please see attached lab results for patient in 215”.
So... is this a HIPAA violation or not?
Thanks to all for any input.
Silverdragon102, BSN
1 Article; 39,477 Posts
Moved to the HIPAA challenges discussion forum
brownbook
3,413 Posts
I'm no HIPAA expert. But I know of several situations where patient information was inadvertently given to a different patient. No need to explain, each situation was different. My point is that these things do happen.
I was at my PCP for a routine checkup and a patient's information datasheet was handed back to me with my paperwork.
It's not great that it happens, but not necessarily the end of a nurse's career. Who's going to bother to report these violations? These are inadvertent mistakes vs a health care worker looking up information on a patient they have no business looking at.
Do you plan to turn your best nursing friend in ?.
2 minutes ago, brownbook said:I'm no HIPAA expert. But I know of several situations where patient information was inadvertently given to a different patient. No need to explain, each situation was different. My point is that these things do happen.I was at my PCP for a routine checkup and a patient's information datasheet was handed back to me with my paperwork.It's not great that it happens, but not necessarily the end of a nurse's career. Who's going to bother to report these violations? These are inadvertent mistakes vs a health care worker looking up information on a patient they have no business looking at.Do you plan to turn your best nursing friend in ?.
Thank you for your input.
HIPAA can be sort of a gray area at times it seems, although there are definitely many cases where it’s very cut and dry... such as looking at a chart one has no business looking in.
Oh!! And no plans to turn her in... unless she makes me mad!!! ? (Kidding :))).
traumaRUs, MSN, APRN
88 Articles; 21,268 Posts
When texting it is important to utilize encrypted texting which you would not have usually available.
Our practice utilizes encrypted texting as well as encrypted email which is HIPAA compliant.
Texting a provider is not considered a good idea - unless this is an approved way of communicating per the hospital's policy and procedures.
If you are just texting because the provider found it easier than going thru the officially sanctioned call system, you could be in trouble for not following policy.
FurBabyMom, MSN, RN
1 Article; 814 Posts
We have some providers who prefer texting over other options. We just went live with an encrypted secure "chat"/"text" function within our EHR (we're on Epic). I don't use it because I don't have our Epic mobile app, so I'd have to be at a computer workstation anyways which is no more convenient to me than using the paging system. My facility allows providers who have completed the facility approved encryption process for personal devices or who are using work issued (already encrypted) devices to forward their pager to a cell phone. One of our providers has done this, and it turns out that even if their pager is turned off (like they're on vacation, at a conference, etc) they get the message on their cell phone...that is a funny story but perhaps not the one for here ? .If I use the computer or phone based paging system the data is recorded and audited. I won't get in trouble unless I've sent something inappropriate (we have had some folks do this). But if there is ever a question about whether I sent something, sent it in a timely manner, etc., it's on the hospital to maintain the records. I do not put notes in my patients chart about paging providers, although it's different in the OR (when I was a floor nurse and needed orders for or needed to report a critical lab value I did). Usually I'm sending a page to remind them to complete what they need to so we can go back to the room or to ask about a detail related to a case.Occasionally, I'm paging an attending to "Call (extension for room I'm assigned in) now" - although I've done that a handful of times in more than 5 years as an OR nurse - usually for a code, an inability to intubate (especially when I assume we'll have to trach), the "worst case scenario" for a specific procedure (where we page some/all of the surgeon's attending partners to get whomever is closest to come help)... If you use this sparingly, you always get the result your situation warrants.
With that said, I have texted surgeon colleagues. But that's been for something non-specific and very (not patient/case specific) broad, usually not a directly clinical issue.
JKL33
6,953 Posts
On 6/24/2019 at 1:53 PM, adn_nursingstudent said:I have always thought this was a HIPAA violation until a nurse pointed out that as long as the information is “de-identified” PHI, HIPAA rules no longer apply.
I have always thought this was a HIPAA violation until a nurse pointed out that as long as the information is “de-identified” PHI, HIPAA rules no longer apply.
Perhaps.
But does it seem safe, overall, to text about important specific-patient-related matters without using appropriate identifiers? NO. The same thing that makes it not a violation is the thing that makes it a major safety risk.
Using a personal device to share and receive de-identified PHI for the purposes of patient care is not appropriate IMO. There's no way I would do it.
If the facility would like staff to communicate in this way then encrypted devices that can be used on encrypted networks should be provided and appropriate policies should support this. Period. Then there is no need to eliminate identifiers that are an integral part of safe patient care processes.
I feel pretty confident in saying that if your Risk and Compliance people knew about this, things would get ugly.
I suppose it would be different if the messages being sent were along the lines, "labs are back for 215" or "please check labs for 215," but that doesn't sound like it is the case.
Lunah, MSN, RN
14 Articles; 13,773 Posts
We have a secure texting app that we can access on our phones. I just don't think it's a good idea to have anything patient-related on a personal phone. Too many opportunities for people to assume that you could be sending more info than what they see already.