Wiki HIPAA violation?

Create Wiki
T

trinalankford

Guru
Messages
142
Best answers
0
I'm not even sure how to sure this on the internet, so I'm turning to you all here.

I work at an office where there is a glass window separating reception from the office (though the glass window is never closed, but that is another story). There are 2 people who work in the "office" part of this physician's office, me and another person. I do the coding, billing, transcription, what I would call back office duties, while she does the scheduling, reception duties, phone, etc. She is full-time and I'm not, so she refers to herself as the office manager. My "office manager" is very good friends with the nurse at the urologist's office next door (I also work part-time there and am EXTREMELY careful to keep that office there and this office here, if that makes sense).

In any case, the office manager was visited this morning by her nurse friend, as she always is, and some records came across the fax for a referral to our office. The office manager pulled them off the fax, laid them on the counter in view of the nurse, and started reading out loud, including patient's name and medical terms. She didn't know what one of the terms meant, so her nurse friend piped up with the definition of the term. The nurse friend then came around through the office so she could see the record without it being upside-down, and she read right off it, all the while the patient's name is glaring straight off it. The office manager even called this patient to schedule the consult while the nurse was standing there.

The office manager was also cross-training someone to fill in for vacation, and literally the three of them stood there and discussed these records, including patient name, medical condition, the office that referred her (because it was from out of town), etc.

I know if I approach her about a HIPAA breach she will fall back on the, "She works in the medical field and has signed a HIPAA agreement." Yes, true, but for the other office. She shouldn't be privy to records in OUR office, should she?

In addition (because I work at both offices, I have duties to both, I believe), the nurse will come to our office because "yet another patient cancelled even though I had everything set out for their procedure, blah, blah, blah...." That should not be shared between offices, should it???

To me, these are obvious things, but I'm one to go.BY.THE.BOOK and have NEVER even "slipped" up. Patient's medical records are sacred grounds to me, so it floors me that they are being so blatant about it. Maybe I'm seeing something that really isn't there? Are these or are they not HIPAA violations?

Of course....I've mentioned the maintenance man to the office manager right after I started, too. He will come into the office, the main part of the office, and sit down in and amongst the charts, records laying on countertops, etc. Office manager said, "He signed a HIPAA confidentiality agreement, so he's okay." (??????)

This is really, really bugging me, and I'm going to talk to her tomorrow, whether or not it ticks everyone off. It will involve my position at two different offices, but I don't see where this is kosher?

Hopefully this isn't too confusing. I have a tendency to type really fast when I'm upset about something.

Thanks for your help!
 
trinacmt said:
I'm not even sure how to sure this on the internet, so I'm turning to you all here.

I work at an office where there is a glass window separating reception from the office (though the glass window is never closed, but that is another story). There are 2 people who work in the "office" part of this physician's office, me and another person. I do the coding, billing, transcription, what I would call back office duties, while she does the scheduling, reception duties, phone, etc. She is full-time and I'm not, so she refers to herself as the office manager. My "office manager" is very good friends with the nurse at the urologist's office next door (I also work part-time there and am EXTREMELY careful to keep that office there and this office here, if that makes sense).

In any case, the office manager was visited this morning by her nurse friend, as she always is, and some records came across the fax for a referral to our office. The office manager pulled them off the fax, laid them on the counter in view of the nurse, and started reading out loud, including patient's name and medical terms. She didn't know what one of the terms meant, so her nurse friend piped up with the definition of the term. The nurse friend then came around through the office so she could see the record without it being upside-down, and she read right off it, all the while the patient's name is glaring straight off it. The office manager even called this patient to schedule the consult while the nurse was standing there.

The office manager was also cross-training someone to fill in for vacation, and literally the three of them stood there and discussed these records, including patient name, medical condition, the office that referred her (because it was from out of town), etc.

I know if I approach her about a HIPAA breach she will fall back on the, "She works in the medical field and has signed a HIPAA agreement." Yes, true, but for the other office. She shouldn't be privy to records in OUR office, should she?

In addition (because I work at both offices, I have duties to both, I believe), the nurse will come to our office because "yet another patient cancelled even though I had everything set out for their procedure, blah, blah, blah...." That should not be shared between offices, should it???

To me, these are obvious things, but I'm one to go.BY.THE.BOOK and have NEVER even "slipped" up. Patient's medical records are sacred grounds to me, so it floors me that they are being so blatant about it. Maybe I'm seeing something that really isn't there? Are these or are they not HIPAA violations?

Of course....I've mentioned the maintenance man to the office manager right after I started, too. He will come into the office, the main part of the office, and sit down in and amongst the charts, records laying on countertops, etc. Office manager said, "He signed a HIPAA confidentiality agreement, so he's okay." (??????)

This is really, really bugging me, and I'm going to talk to her tomorrow, whether or not it ticks everyone off. It will involve my position at two different offices, but I don't see where this is kosher?

Hopefully this isn't too confusing. I have a tendency to type really fast when I'm upset about something.

Thanks for your help!
Click to expand...

You should definitely voice your concerns. It is a violation of HIPAA for the "nurse from the office down the hall", so to speak, to walk into your office and view or comment on any patient records. The only records she should have access to are for patients her office refers to your office. You are correct that the HIPAA agreement signed is for the specific office you work in, not for every office you happen to enter.

As to the maintanence man sitting amoung the charts, he should have signed a HIPAA agreement so he should not be sharing any information he happens to get by working around the office. But it is still prudent to use techniques such as turning charts over to hide names to keep prying eyes from seeing protected information.

There is more information available here on the AAPC website and on the internet regarding HIPAA and what constitutes a violation. I would encourage you to read up on the rules so you can be sure you are following the correct standard.

I wish you luck in your conversation and hope you are able to provide some insight to the staff. If all else fails, do consider also speaking to the provider as it is their business that is potentially affected by the violations of an employee.
 
Thank you for your help!

The first line of my message should have read, "I'm not even sure how to SEARCH this..." instead of "SURE this...," but I will do some more research into examples.

I did already talk to her this morning (I couldn't even sleep last night, it was bothering me so much), so she is aware and acknowledged that she "didn't even think" about the nurse looking at the notes (???).

I appreciate your help!
 
I would also document everything with dates, times and who you reported things to with their response. It is so important to cover your own butt just in case.
 
I would say a big YES, it is a HIPAA violation.
Nobody should have any access to any records or PHI, unless they are involved in providing care for that patient. this, of course, includes you, the biller, as you are facilitating their care - but not "the nurse down the hall."

Likely enough - the nurse down the hall would not share that information - I am assuming, of course, that the nurse down the hall is a professional.

However, it would be a violation of HIPAA...and if that is occurring, likely there are other occurrences of HIPAA violations. As said above, I would simply document what you see, to cover your own self.
 
HIPAA reminds me of handling classified information from my Navy days...


Just because you have the right security classification level doesn’t mean you have access to all information at that level and below.

We used to talk about access verses the need to know. Just because you have access doesn’t mean you have the need to know. In other words, the only real access you have is to information you need to know in order to do your job.

That being said, you know you’re right when you say that you’re worried about this being a HIPAA violation simply because that nurse didn’t have the need to know any of that information. I currently work in a practice with 4.5 branches (one is a small temporary location we are using while we wait for another location to be built) and even though I have access to all our patients’ PHI and have signed the HIPAA agreement, that doesn’t mean I have the need to know and can just go looking into all our patients’ records at whim.

I agree with those who are telling you that you should document what you have witnessed because you never know…
 
You must log in or register to reply here.
Top