Just An HR Girl Living In A Messed Up World
  • Blog
  • Who I Am
  • Your Voice
  • Random Miscellany: Inspiration
  • Random Miscellany: Photos & Videos
  • Sharing Is Caring
  • TRUE NORTH
  • Blog
  • Who I Am
  • Your Voice
  • Random Miscellany: Inspiration
  • Random Miscellany: Photos & Videos
  • Sharing Is Caring
  • TRUE NORTH
THE ULTIMATE BLOG ON ALL THINGS HR
​& THEN SOME

just an hr girl

No Funny Business: HIPAA Compliance Is Not An Option

7/15/2019

0 Comments

 
Picture
A few days late....my apologies!

You were recently admitted to a local hospital for an emergency procedure. You are also an employee at this same hospital. Your fellow employees were concerned for your wellbeing and one of them innocently asked nursing staff for an update on your condition. Knowing the employee was a coworker, nursing staff obliged.
 
Is this a HIPAA violation? If so, which parties violated your privacy? If not, why not?
 
A local mayor stops into an urgent clinic to be evaluated for a severe sore throat, among other symptoms. The doctor decides to run tests based on a combination of symptoms. The clinic is about to close for the night, so the doctor calls in prescriptions to the mayor’s local pharmacy. The next day the pharmacist calls the clinic to clarify the doctor’s orders and speaks to the nurse. The nurse was not on shift the night before, so the nurse pulls up the mayor’s chart.
 
Did the nurse violate HIPAA? Did the pharmacist?
 
Let me back up and spell out HIPAA for you. It stands for Health Insurance Portability and Accountability Act. The initial aim of the regulation was to guard against wrongful use and disclosure of protected health information (PHI). It also outlines which parties should be allowed to exchange electronic PHI for patient care purposes, particularly health insurance claims. This is a basic explanation from a 30,000-foot level.
 
Let’s discuss what happens if you—meaning healthcare provider, for the purposes of this blog post—violate HIPAA. First, you would have to be someone who was not on a need-to-know basis with regard to an individual’s PHI. In other words, a hospital Information Technician is not typically on such a basis in performing the duties of their job. So what happens to such a person who accesses another person’s PHI without having a legitimate need to know? In general terms, you could be fined up to $250,000 and sentenced up to 10 years in prison per violation.
 
What exactly does that mean? Well, in the first scenario above, the concerned employee could be on the hook for one violation per individual with whom he or she shared your protected health information. Also, he or she could be facing up to ten years in prison. Keep in mind good intention is not a defense. However, I would suspect the coworker in this scenario would likely face a minimal fine or jail time, if any.
 
Even in our cyber-secure world, there are instances of breaches. Whether with intent from an external source or by mistake internally, PHI can get into the wrong hands. In such cases, the organization has a responsibility to alert every single individual with PHI that may or may not have been divulged. This could mean hundreds or even thousands. Imagine the anxiety and mistrust created. It can be hard for an organization to regain the trust of so many patients or customers.
 
Stop and ask yourself if you would want your privacy violated, especially your private health information. Conversely, stop and ask yourself if you are violating your coworker’s privacy by 1) asking medical personnel about your coworker and 2) sharing the information you learned from medical personnel. Would you do the same for any other patient in your facility? The concern you have for your coworker is valid and admirable. But respect his or her privacy and allow your coworker the opportunity to decide what information is shared and with whom.
 
Granted, my examples are in a healthcare setting. But I would argue the same principle applies to other industries. Wages, disciplinary actions, information not yet released to the public, and even company secrets are all things that should be held close to the vest. Of course employees can discuss working conditions including wages and disciplinary actions. As an HR professional, however, I would never discuss wages or disciplinary actions outside the realm of Human Resources. And neither should managers if they wish to have the respect reciprocated.
 
When managers share this information outside of HR, it can create friction among employees and managers, even outside the manager’s department. And while it is customary for leadership to review company secrets and pending developments, what is not customary is sharing this information outside the organization. Transparency is key. I believe in keeping employees informed of what may be around the corner for the organization. This builds trust, commitment, and loyalty. But keep in mind which information may be considered a need-to-know basis within leadership.
 
HIPAA compliance is no laughing matter. Neither is disclosing other types of confidential information. It all comes down to responsibility and accountability. We must all hold ourselves to a high standard when considering whether or not to seek and/or share such information. Of course, there’s also the matter of high fines and jail time. If that doesn’t scare you straight, then I suppose nothing would.  What I know to be true is I don’t look good in orange and I certainly don’t have an extra quarter million dollars.
 
  • Have questions about other examples of potential HIPAA violations? Leave a comment!
  • For full answers to the first two scenarios, leave a comment!

0 Comments



Leave a Reply.

    Creator

    Creator: That makes me sound all powerful. I suppose I am in many ways. Hi! My name's Amy and I've been practicing HR for twelve years now. No big deal. I am here to offer fresh perspective on HR topics and topics about the world we live in and life in general.

    Having said that, do I
    honestly think this world is messed up beyond repair? Absolutely not. What I mean is there are a lot of unsavory things happening--whether political, cultural, 
    social, religious--that could probably use self reflection. I've never been a sheep blindly following the other sheep. Nor am I a wolf in sheep's clothing.

    I am simply just an HR girl. Only I am more than that. Here I am offering my take on all things HR and then some. I love to travel and history is kinda my thing--hence the photos and videos. Be sure to browse the other pages to get a taste of who I am.

    Check back often for a new blog. I hope to use my influence for good! And by all means, your voice is welcome!

    Archives

    February 2022
    July 2021
    April 2020
    October 2019
    September 2019
    July 2019
    June 2019

    Categories

    All

    RSS Feed

© COPYRIGHT 2015. ALL RIGHTS RESERVED.