I often hear of nurses who made HIPAA violations, none of whom intended to breach privacy but either curiosity or carelessness got the best of them.
Here are ten such examples:
- EMR – If you forget to log out of a computer terminal, someone else can follow you to access anything under you log in. Computers are smart and everything you do on the device can be tracked. Every keystroke you make, every chart you look at, everything! Even if you accidentally pull up a wrong patient’s chart, that is a HIPAA violation. Should this occur, immediately notify your supervisor.
- HANDWRITTEN NOTES – When I was practicing, I had a clipboard with all my patients’ names and what I was to do with each one. Many times, I forgot to throw away my sheets and brought them home where I discarded them in the trash. If these notes are thrown away rather than placed in a secure shred bin, you are violating patient privacy and HIPAA.
- PROTECTED INFORMATION – If you have a coworker who has had a procedure and you want to find out how they are, you CANNOT access their records. In that position, you are just like everyone else who is not allowed access to this person’s information. If you want any information on the coworker, you will have to go through the normal way of finding out, just like any family member or friend.
- PATIENT FAMILY AND FRIENDS – Be cautious about any information you give to a patient’s family member or well-meaning friend. Make sure the patient has signed a HIPAA release or authorization giving you permission to share information with that particular person.
- SHARING INFORMATION – Be careful not to share information outside protected channels. If you text a doctor from your personal cell phone, you have violated HIPAA. Any such text or email must be secured through approved software and channels.
- SELFIES – As much as you would love to be friends with your patients, anything you share on your Facebook page or other social media, such as a selfie with the patient, is a HIPAA violation. Frankly you should never take a picture with a patient, but a patient may take a picture with you. I would not even be friends on Facebook with a patient because that too is a HIPAA violation of boundaries. However, if the patient takes the selfie and they post it on their own social media, no violation has occurred. The violation occurs it YOU post it.
- REPORTING HIPAA VIOLATIONS – You can self-report any HIPAA violation but that does not necessarily mean you will not get in trouble but to NOT self-report can make the situation worse. However, if you note another’s HIPAA violation and fail to report it, you can make the situation worse as you can be considered an accomplice in the violation.
- PUNITIVE MEASURES – HIPAA violations can result in a variety of legal responses that go beyond just being terminated from your job. A UCLA surgeon was sentenced to 4 months in jail and fined $2,000 after he illegally accessed medical records over 300 times of his supervisor, coworkers and celebrities.
- ELEVATOR CHATS – In one case, a nurse was trying to reach a physician about a patient but he had not called back when she ran into him in an elevator. She promptly began a discussion with the doctor to get an order. This is a violation of HIPAA because the disclosure of the patient’s situation was not in a secure place
- FAXING – If you are extremely busy and need to fax medical information, take the few seconds to confirm it is going to the proper recipient. If you accidentally send medical information to the wrong place, you have violated HIPAA.
A HIPAA violation is an extremely serious offense and can result in huge fines and even imprisonment, as noted in No. 8 above.
In ABC’s reality show, NY MED, they inadvertently filmed two hospital patients without consent. The hospital paid a settlement of $2,200,000 and was instructed to implement a corrective action plan.
HIPAA violations are extreme and saying “it was an accident” is not an acceptable excuse. There is zero tolerance for such and 100% compliance of HIPAA regulations is required at all times.
Please careful to protect your patient’s confidentiality.