Wiki Is this a HIPPA violation?

sky

Guest
Messages
36
Location
Phoenix, AZ
Best answers
0
Our surgery scheduler took it upon herself to deliver the surgery instructions to patients after work. We didn't find out about this until one of the patient's called with questions. Other than being a potential worker's comp incident if she should be in an accident or trip & fall, would this be considered a HIPPA violation?
 
It's never a good idea to walk, drive or otherwise deliver medical information other than electronically or by US mail (although that can be risky....), but unless your employee specifically disclosed this patient's healthcare information to someone else, she hasn't really violated HIPAA. You may want an office policy with regards to how your surgical instructions should be communicated to patients, so that people aren't driving records all over town. Depending on what's in the surgical instructions, she may not have even delivered PHI...PHI is defined as
demographic information, medical history, test and laboratory results, insurance information and other data that is collected by a health care professional to identify an individual and determine appropriate care. So if none of that was on the surgical instructions, she didn't even have PHI in her posession.

Remember the incident in Boston a few years back when a billing manager left a folder of claims and bililing reports on the subway? That's the kind of issue that's a HIPAA violation.
 
Thank you so much. I have another question that bothers me. (I keep getting told I'm wrong all the time - I just need clarification). Our check in desk is open to the waiting room. We have no glass around it. The front desk girl calls insurance companies to verify eligibility & benefits. Which she does state the SSN & ID#,date of birth. Everyone in the waiting room can hear her. Now I know this is wrong. I mentioned it to the office manager & she said that it was not a HIPPA violation unless MANAGEMENT does it. OK. How about that?
 
Thank you so much. I have another question that bothers me. (I keep getting told I'm wrong all the time - I just need clarification). Our check in desk is open to the waiting room. We have no glass around it. The front desk girl calls insurance companies to verify eligibility & benefits. Which she does state the SSN & ID#,date of birth. Everyone in the waiting room can hear her. Now I know this is wrong. I mentioned it to the office manager & she said that it was not a HIPPA violation unless MANAGEMENT does it. OK. How about that?

HIPAA allows for this type of communication, realizing that not every place will be able to have private rooms for doing these types of transactions, nor do they expect covered entities to make drastic changes to bulidings so that every place is private. The front desk person should do all she can to maintain privacy such as speaking in a low voice, not make these calls when people are waiting to check in, or make these calls during a slower time or when patients are not being seen. If, however, someone does overhear her and she is doing her best effort to maintain patient confidentiality, this is known as an incidental disclosure and these are allowed under HIPAA. It doesn't matter the title of the person - HIPAA rules apply the same to everyone, manager or front desk receptionist.
 
I agree with MnTwins29, and want to emphasize that HIPAA does expect you to make reasonable efforts to avoid disclosing information. The suggestions MnTwins29 made for these "reasonable efforts" should be taken to heart.

Where on earth did your Office Manager get the idea that HIPAA rules apply differently to managers??? HIPAA law applies equally to all members of the practice, from owners to volunteers!
 
HIPAA Compliance

I recently discovered that my clinic's video cameras are also recording all conversations throughout the building. This includes check in and hallways. I know that video recordings are ok, but I believe that the audio recordings violate HIPPA? They may even be illegal as well. Is this a HIPPA violation? Is the clinic responsible for reporting this violation?
 
I would question whether or not the audio is stored onsite or in a cloud environment. I would also question how often it is purged or destroyed. And lastly, if the audio/video equipment is from a separate vendor I would question if the equipment has HIPAA compliant safeguards in place AND if you have a Business Associates Agreement with the vendor.
 
Top