anyone els ever had a HIPAA issue?

[justanothedoa]

i cant speak specifically but i was talking with a coworker who knew information about the situation but i got called out for a HIPAA violation.. i may be just ignorant to how HIPAA works but im so worried i breached HIPAA without even intentionally doing so!:blink::unsure:
if more info is needed you can pm me but i cant give any specifics..


thanks in advance.

 

[mycrofft]

Can't make head nor tails of your post. Be that as it may...

Basically the HIPAA provisions about confidentiality are there to curb theft of, or unauthorized or unprofessional sharing of, personal medical information.

In theory, if sharing of info is not required for care or payment and has not been ok'ed by the patient, it shouldn't happen.

Changing names etc. is not enough if you want to discuss a case generically.

And if you want to hear violations, post up in an elevator or dining room at a hospital sometime.

 

[Aprz]

You sir win one googolplex EMTLife points for correctly spelling HIPAA.

HIPAA is briefly covered in class, and the *"HIPPA" police fear it because they do not understand it. They get the gist of it, but HIPAA is actually a lot more gray and more dynamic than some believe.

I've been called out before for violating HIPAA because I've discussed calls (without including protected health information (PHI)) with other people, because I did a hospital ring down using my personal own phone instead of the one provided to me by my company (even though I cannot recall a time I include PHI in a ring down ever), calling dispatch using my personal own phone instead of the one provided to me by my company, for saying the patient's name to the patient, typing the patient's full name, age (and age group), and gender into an ECG monitor prior to doing a 12-lead, etc.

I recommend reading a summary on HIPAA. I give credit to JPINFV for posting this link awhile ago.

http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html

First of all, I just try to use sound judgement and do things in good faith. I identify what is PHI (eg patient's name, address, diagnosis), etc. I identify whether it's useful/necessary to share PHI, and if it's for "treatment, billing, or healthcare operations".

For example, if a dispatcher tells me the patient's address over the radio, it's OK because it's covered by healthcare operations (although we'll attempt to provide PHI privately eg by pager instead of over the radio if possible). If I give a report to the receiving RN providing PHI, it's OK because it's necessary for future treatment and a part of healthcare operations. When I write it down on my PCR, it's OK because it's for billing. At a clinic, the medical assistant may say the patient's full name (first and last name) identify the patient saying that the doctor is ready for them, but it's part of healthcare operations (you could try to start off saying the first name first, but sometimes you need to say the last name too).

I guess technically there are simple ways to violate HIPAA eg sharing PHI in the elevator when others who are not involved in treatment, billing, or healthcare operations are inside the elevator, or making your facesheet or PCR visible on top of your gurney while people are passing by or as you push the gurney.

If you are extremely concerned about it, your company technically shouldn't severely punish you if you notify them. They may have something like an employee hotline, privacy officer, or something. Perhaps discuss with a supervisor your concern and determines ways to prevent this problem in the future. I would love to say that it's better to be pre-emptive, but I know a lot of companies have their finger on the red button unfortunately.

* I intentionally mispelled HIPAA as HIPPA because that's how I imagine the HIPPA police spells it. Since you can spell HIPAA correctly, you more likely know more about HIPAA than 90% of people in healthcare (somewhat rough statistics, but probably accurate, hehe).

 

[justanothedoa]

well i wish it were just a simple case of me sayin oops i broke HIPAA but its more of someone heard me break HIPAA and called me in.. im now having to talk to lawyers and what not because they went over my department and went straight to company head. so yeah, im ultimately at a loss because it was not will ill intent and it wasnt telling my coworker any new information because the pt had openly talked about it before hand.. idk we will just see how this all works out.. but aprz i appreciate your response it was extremely helpful!

 

[hogwiley]

Don't get me started on HIPAA. Like so much of what congress does, it was done because of politics and showmanship rather than a practical need. Not that I think there shouldn't be some privacy protections like in other countries, but HIPAA takes it to the extreme.

I'm pretty sure HIPAA has killed many patients in hospitals over the years because of the poor communication that results and the simple fact a Nurse or tech has to use like 3 friggin passwords every time they want to chart something. If you have one patient no big deal. If you have 20 patients its a huge time waster and inevitably leads to errors or omissions.

So theres my HIPAA rant, now I feel slightly better. And no I've personally never gotten in trouble over it, but like probably anyone whos worked in health care for any length of time, Ive known people who got fired over it. Some that probably deserved it(and would have gotten fired without HIPAA for the same thing), and others that were a victim of an overzealous HIPAA Nazi.

 

[mycrofft]

The privacy restrictions of HIPAA are there supporting the real thrusts of the law.

http://en.wikipedia.org/wiki/Health...are_Access.2C_Portability.2C_and_Renewability

Privacy is more or less part of the anti-fraud section. Many administrators have chosen to tread a narrow and exclusive path.

I don't believe the intent or the actual wording prevent passage of professionally necessary data in a responsible manner. But just as everyone wound up putting long spine boards on all patients, the HIPAA monster has been used sometimes to try to mess with people just doing their job.

Here's an anecdote: within a county clinic system, one clinic manager decided if any other county clinic wanted any info on a patient from HIS clinic, they needed to get a signed release from the patient. It took a couple years for someone above him to say "Grow up".

 

[Christopher]

For example, if a dispatcher tells me the patient's address over the radio, it's OK because it's covered by healthcare operations (although we'll attempt to provide PHI privately eg by pager instead of over the radio if possible).

There is no violation of HIPAA when dispatchers relay information provided to them. If the caller's name is in the notes, you can say it on the radio. What they called for is not protected information. All of your back-and-forth with a dispatcher is public information unrelated to HIPAA.

(the only way in which this would be a violation would be if your dispatchers were internal to your organization and thus fall under your "covered entity")