HIPAA Violation or not?

[Handsome Robb]

I think to disagree with basically everyone. All I can tell from the op is that a guy in a basically public space took a video of a helicopter landing. Who cares? Im sure people walkong by the landing strip do it all the time. How many YouTube videos of ambulances driving around are there? Helicopters usually draw a crowd. It doesn't sound like any patient was identified or even filmed.



It may have been against hospital policy...but it sounds like a dumb policy. Who could it hurt? The mention of lawsuits for a video of a cool flying machine border on ludicrous.

Did you read? He's an employee at the hospital filming the helo landing and the crew coding a patient on duty...and used their internet to post it...on duty....how on earth is that appropriate? From someone within the healthcare community? You want me to videotape your moms cardiac arrest and post it on the internet? I'll blur everything out so there's no identifying information I promise...

Same concept.

 

[jrm818]

Did you read? He's an employee at the hospital filming the helo landing and the crew coding a patient on duty...and used their internet to post it...on duty....how on earth is that appropriate? From someone within the healthcare community? You want me to videotape your moms cardiac arrest and post it on the internet? I'll blur everything out so there's no identifying information I promise...

Same concept.

I read. What I read said he filmed a helo landing. Op never said anything about videoing pt. Care at all, never mind filming a code. If you know something I don't know, I'd agree it was inappropriate without extenuating cirxumstances.

 

[mycrofft]

I think to disagree with basically everyone. All I can tell from the op is that a guy in a basically public space took a video of a helicopter landing. Who cares? Im sure people walkong by the landing strip do it all the time. How many YouTube videos of ambulances driving around are there? Helicopters usually draw a crowd. It doesn't sound like any patient was identified or even filmed.

It may have been against hospital policy...but it sounds like a dumb policy. Who could it hurt? The mention of lawsuits for a video of a cool flying machine border on ludicrous.

The alleged subject was stated to be a volunteer with access to their internet EPIC system (smelling fishy…) who "happened" to have his iPhone.
The crux of the question was whether the recorded overhead page made it a privacy issue.

I don't see that a hospital rooftop helo pad is a public area. If this apocryphal weenie was standing on an adjoining rooftop he'd be on public ground, but not standing in an area of the hospital which will undoubtably be of limited access (helo pad).

The whole thing sounds semi-hypothetical to me.

 

[samiam]

Would there have been a HIPAA violation if he was just some member of the public that happened to be there doing the same thing? No. Unless there was some patient identifying information, no HIPAA violation occurs.

This is where everyone gets it wrong. Didnt mean to call you out specifically. A member of the public can do what ever the hell they want. They can take a video of a patient being transported and spam the name and ilness and hospital they took it at alll over the interwebs. As long as they dont work for the hospital or any organization required under HIPAA ( NOT HIPPA cough cough every single shred box in the whole hospital) to protect the info.

The alleged subject was stated to be a volunteer with access to their internet EPIC system (smelling fishy…) who "happened" to have his iPhone.

Many hospitals use volunteers as front desk/ lobby attendants most dont even have staff members for this position. These volunteers have access to EPIC or whatever emr the hospital uses. Also you generally dont have to log into the emr to access the internet.

In my opinion the whole issue here is how twisted and misconstrued people make "HIPAA violations" it is used as a catch all term to explain away everything. I cannot tell you how often i ask for a room number and i get from a nurse "Well that would be a HIPAA violation" nooooo nooo no no no patient room listings are released to the public when asked for specifically. When you go in the hospital you sign paperwork saying you are ok with your room info being released to the public when specifically requested. So no i am not going to go alll the way back to the from desk to get a room number. This whole situation sounds like a overzealous IT person who did not contact the legal department before proceeding. Granted this was definitely in bad taste by the volunteer and frankly may have and maybe should have ruined their chance at working at the facility and their status as a volunteer revoked, they can call the FBI all day long and they are not going to do squat.

Furthermore a bit of interesting info in my state at least (granted this would not apply to a volunteer) you can post videos on the job ( i suppose unless there is some specific rule about it) and rude comments about the job and basically anything as long as it is not a HIPAA violation on facebook and your employer cannot do a thing. Interestingly it is part of the labor and right to unionize laws. If they punish you or tell you to take it down they are infringing upon your right to unionize.

 

[mycrofft]

This is where everyone gets it wrong. Didnt mean to call you out specifically. A member of the public can do what ever the hell they want. They can take a video of a patient being transported and spam the name and ilness and hospital they took it at alll over the interwebs. As long as they dont work for the hospital or any organization required under HIPAA ( NOT HIPPA cough cough every single shred box in the whole hospital) to protect the info.

Look up privacy laws.
From WIKI, AND I QUOTE:

" ...tort expert Dean Prosser argued that "privacy" was composed of four separate torts, the only unifying element of which was a (vague) "right to be left alone"…. The four torts were:

1. Appropriating the plaintiff's identity for the defendant's benefit
2. Placing the plaintiff in a false light in the public eye
3. Publicly disclosing private facts about the plaintiff
4. Unreasonably intruding upon the seclusion or solitude of the plaintiff".
Endquote. Numbering and coloring mine.

It is subject to civil measures (bigarse lawsuit), bigger if damage or malice could be proven. In other countries it CAN be against the law .

 

[samiam]

Look up privacy laws.
From WIKI, AND I QUOTE:

" ...tort expert Dean Prosser argued that "privacy" was composed of four separate torts, the only unifying element of which was a (vague) "right to be left alone"…. The four torts were:

1. Appropriating the plaintiff's identity for the defendant's benefit
2. Placing the plaintiff in a false light in the public eye
3. Publicly disclosing private facts about the plaintiff
4. Unreasonably intruding upon the seclusion or solitude of the plaintiff".
Endquote. Numbering and coloring mine.

It is subject to civil measures (bigarse lawsuit), bigger if damage or malice could be proven. In other countries it CAN be against the law .

Ummm ok so in other countries it may be against some privacy law but it is not a HIPAA violation.... Also it is a civil matter so it is not really illegal you can just sue someone for it civilly not criminally. You can sue someone civilly for just about anything does not mean you will win.

Edit: i just took a look at the whole post in that wiki... There is not any statement there stating specific laws or even rulings that protect privacy this is just a dudes opinion.

Furthermore lets take a look at the HIPAA wiki

Quote about the three types of violations:

Covered entities and specified individuals who "knowingly" obtain or disclose individually identifiable health information A fine of up to $50,000
Imprisonment up to 1 year
Offenses committed under false pretenses A fine of up to $100,000
Imprisonment up to 5 years
Offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm

The keyword there is covered entity and specified individual. Joe Schmo certified member of the public with no ties to a covered entity who pops out his iphone and records a scene of his neighbor being worked on in the front yard after choking on a large dill pickle and obstructing his airway posts that video on youtube telling the whole world how Joe vlasic choked one a pickle and gave a video of a crew working on him did not violate any HIPAA laws.

*Any characters used in this story were completely fictional

For all of my detroit medics there is actually a HIPAA boot camp going on in the near future where you pay $500 for a fir specializing in HIPAA compliance to tell you what is what. i will try to find the site and post it

 

[Household6]

Bad judgement.. Cell phones should stay in your pocket.. I can honestly say, I don't think I've ever brought mine out to film anything EVER..

Cellys stay put away regardeless of any HIPAA or privacy anything.. They just cause problems.

 

[GoldcrossEMTbasic]

I agree 100% on this, Volunteers do have access to the EPIC system at my Hospital. The patient roster. Funny thing is that they can get into almost anything in that system. If they click on the patients name their room number will come up, But if you click on the magnifying glass it will tell their diagnosis and xrays and other procedures. And list of medications on the cardex on the Epic too. I think that should be blocked for volunteer access. Why do Volunteers need access to that info? They only need their room number and phone and if they are on a confidential or deceased status as well, That's all, because I used to work front desk as a volunteer. And we had volunteers that were snoopy and would go above and beyond to see why that patient is in the hospital. Employees did that too. And nothing was done about it. Now I consider that is a Big Violation of a hospital privacy breach. And they fire a volunteer and threaten that subject with the FBI due to filming a helicopter come on.

 

[GoldcrossEMTbasic]

Agree, Because Physicians carry those I phones too. How do we know that they are recording us. They can hit the red button and put the phone in their top pocket with the lens sticking out. and we would not know if it is running or not. These phones are nice, but they can lead into serious trouble. But I have seen RNs and Paramedics on transfers taking pictures of them driving in the snow and then posting on Facebook. We are health care professionals we need to leave the Facebook crap at home and not on the rig. If I was the medical director of that agency. Proper disciplinary action would be implemented or a policy concerning facebook and I-phone use while on duty. Rigs have their own GPS and Garmins to get to where they need to take the patient. Not by using your phone. I would keep mine in my glove or shear pockets.

 

[triemal04]

Look, here's the deal. You got in trouble because you got caught. You filmed something while volunteering and then posted it to the internet from a work computer. While this isn't a HIPAA violation, I've no doubt that it is a violation of some hospital policy; IT, privacy or otherwise. If you had got caught looking up patient records that you shouldn't have, then I'm sure you also would have got in trouble for that too.

Give it up and move on.

 

[vc85]

Like others have said. Accessing the hospitals internet for unauthorized purposes and uploading something from their computer will get you into trouble always, even if it was a video of you talking about your family or pets back at home. Regardless of HIPAA.

 

[CFal]

I got in trouble for something similar, we had a guy airlifted and one of the other agencies there put a video of it taking off on YouTube and posted it to their official facebook page, and I clicked the share button on their post and got reprimanded for it.

 

[GoldcrossEMTbasic]

WOW!! Crazy.

 

[GoldcrossEMTbasic]

I got in trouble for something similar, we had a guy airlifted and one of the other agencies there put a video of it taking off on YouTube and posted it to their official facebook page, and I clicked the share button on their post and got reprimanded for it.

"What Cha Talkin' About Willis!" Gary Coleman AKA Arnold, "Different Strokes":rofl:

 

[unleashedfury]

Regardless of it being a HIPAA violation or not..

You are a volunteer at a local hospital, basically you are a employee that is not paid in dollars.

Most places I have worked, have a "blanket policy" that covers social media use whether its regarding patient information or not, its still a policy observed for the use of the company to prevent their "trade secrets, Patient information, identifying company information etc."

the volunteer made a personal video on the hospital time and property, that was not beneficial in any way shape or form. Then uploaded said video using the hospital system's intranet.

So he/she performed actions that were not within his/her scope of practice and most likely in clear violation of a "contractual agreement" they may have signed to become a volunteer.

 

[GoldcrossEMTbasic]

Regardless of it being a HIPAA violation or not..

You are a volunteer at a local hospital, basically you are a employee that is not paid in dollars.

Most places I have worked, have a "blanket policy" that covers social media use whether its regarding patient information or not, its still a policy observed for the use of the company to prevent their "trade secrets, Patient information, identifying company information etc."

the volunteer made a personal video on the hospital time and property, that was not beneficial in any way shape or form. Then uploaded said video using the hospital system's intranet.

So he/she performed actions that were not within his/her scope of practice and most likely in clear violation of a "contractual agreement" they may have signed to become a volunteer.

Yes, my local hospital has a form that we sign similar to what you stated! We have a confidentiality statement/agreement! If that is breached the employee/volunteer will be dismissed from their duties.

 

[GoldcrossEMTbasic]

Regardless of it being a HIPAA violation or not..

You are a volunteer at a local hospital, basically you are a employee that is not paid in dollars.

Most places I have worked, have a "blanket policy" that covers social media use whether its regarding patient information or not, its still a policy observed for the use of the company to prevent their "trade secrets, Patient information, identifying company information etc."

the volunteer made a personal video on the hospital time and property, that was not beneficial in any way shape or form. Then uploaded said video using the hospital system's intranet.

So he/she performed actions that were not within his/her scope of practice and most likely in clear violation of a "contractual agreement" they may have signed to become a volunteer.

"Damned If You Do! Damned If You Don't!":huh:

 

[unleashedfury]

"Damned If You Do! Damned If You Don't!":huh:

Yes and no, I am sure if the person has performed the same act on their own time off of company property and did not use hospital's system to upload it. I don't see how it would be a problem