Who do I report a Hippa violation to?

I work in a walk in clinic in Alabama. The office manager and a girl in the front office are close friends. The girl in the front office is telling her husband (a supervisor at a plant) about all of his employees that come to our clinic. On 1/13 a girl came in that worked for her husband and the patient told her that everyone thought her husband was gay. Well to make a loooong story short. The lady is getting fired from her job for slander when really her privacy was violated.

I may not know the whole story but this sounds more like a case of petty gossip than a HIPPA violation. HIPPA deals with patients and the privacy of their healthcare. Spreading non-medical, non- patient/health provider gossip is frustrating but not against the law.

If you are referring to the disclosure of the fact that the patient was even at the clinic....I believe that is also not a HIPPA violation. We can write work excuses all day long for people to let the employers know the employee was in the ER but we are not to let them know why.

(Someone correct me if I'm wrong)

You report it to the supervisor over the office manager, or the owner.

Just remember, when you report it to a gov't agency, if validated, your organization will be fined thousands of dollars.

And when they find out it was you, they will fire you.

If there is a HIPAA violation, most places will terminate the individuals involved, because that is far preferable to gov't sanction. If you choose to deny your organization that ability, and take it directly to the gov't, don't be surprised that they won't risk another many thousand dollar fine and hit on their credibility by keeping you around.

Just food for thought.

~faith,

Timothy.

If in fact you are fired for reporting a valid complaint to a govornment agency, you likely are protected:

http://whistleblowerlaws.com/protection.htm

You report it to the supervisor over the office manager, or the owner.

Just remember, when you report it to a gov't agency, if validated, your organization will be fined thousands of dollars.

And when they find out it was you, they will fire you.

If there is a HIPAA violation, most places will terminate the individuals involved, because that is far preferable to gov't sanction. If you choose to deny your organization that ability, and take it directly to the gov't, don't be surprised that they won't risk another many thousand dollar fine and hit on their credibility by keeping you around.

Just food for thought.

~faith,

Timothy.

If in fact you are fired for reporting a valid complaint to a govornment agency, you likely are protected:

http://whistleblowerlaws.com/protection.htm

And while I truly understand that, this site is full of people fired anyway.

In truth, it's easier for a company to stonewall your complaint after they fire you then it is to continue to deal with you if they perceive you to be a threat.

I wouldn't depend upon that protection if you depend on your job.

~faith,

Timothy.

It all boils down to..........you have a duty to protect the privacy of patient/s.

If you intend to truly see this through, you report to the powers that be. If it is the manager, so be it. If you have proof of an egregious breech in patient privacy and you want this blatant practice stopped, then report it to the highest agency/entity possible.

I agree. I'm not saying don't report it. I'm not even saying don't report it to the gov't.

I was just saying use your internal chain of command first.

You do have an obligation, a moral and LEGAL obligation, to your pt. I wasn't saying ignore that obligation. I was just suggesting you first use an internal chain of command before jumping straight to the gov't.

And mind you, I wasn't commenting on the specific issue before now:

If a provider knows someone is gay as a result of a professional relationship (they didn't know that outside the relationship), AND if that provider knew it wasn't common knowledge, if that provider told someone that didn't know it: that would be a HIPAA violation. HIPAA doesn't stop with just healthcare information. It is ANY personal information gained as a result of the professional relationship.

I would also stipulate that, for a violation to occur, the information wasn't common knowledge. For example, it's not a HIPAA violation if I refer to my patient as a 'He'. His sex could be inferred as common and available knowledge (although I could obviously think of examples where that wouldn't be the case.) If, in your example, the guy in question was obviously and overtly gay (it is his express intent by style and characteristic to display his orientation), then it wouldn't be a HIPAA violation, in my opinion: you aren't saying anything about the guy that he doesn't already broadcast publicly, ergo, it's not 'personal' information. Does that make sense?

~faith,

Timothy.

I may be wrong, but I think it might be a violation to disclose that a pt was there. The pt did not ask for a note for her employer and her employer did not call to say "Is she there?"

Hello, Timothy,

But, I have to disagree with you here. Anything gleaned within the confines of the professional relationship is confidential. It makes zero difference if the information is common knowledge. If this personal information, known by the public or no, is repeated by the health care professional outside the professional relationship, then it is a HIPAA violation. It does not have to be proven. It is a breech of the patient's privacy.

The question at hand though, would be violating a pt's privacy.

I used an example: if, in dealing w/ staff members that didn't have a need to know about my pt personal information, if I referred to my pt as a 'he' and not a 'she', did I violate HIPAA??

Does it violate a pt's privacy to mention characteristics of that pt that are clearly not private? I think its a fine line there. But I think it comes down to this: If I gleaned the information as a result of a pt/nurse relationship, then I cannot release that info. But information obviously kept non-private by a pt and accessible to anyone wouldn't necessarily qualify.

And I agree that you cannot disclose the fact that a pt was even there unless they sign a release. I work in a hospital, and most pts sign a release to acknowledge that they are there.

~faith,

Timothy.