Accidental mistake that led to HIPAA breach

This forum made possible through the generous support of SDN members, donors, and sponsors. Thank you.
southwestpremed06

southwestpremed06

Full Member
7+ Year Member
Joined
Jan 22, 2017
Messages
174
Reaction score
121
.
Members don't see this ad.
 
Last edited:
Hospitals have zero chill when it comes to intentional HIPAA breaches, ie intentionally accessing the chart of a high profile patient or your family member. While they may tell you to be more careful, make you do some training, etc, you’re not going to get fired for this.

If they were seriously considering such disciplinary action such as firing you I suspect you would already have heard from your PD by now and/or you would have been suspended pending an investigation.

Most important advice: don’t lie, cover up, or downplay what happened. Own your responsibility. Say you’re going to be more careful. At the same time don’t make it something bigger than it is—you printed an extra copy by honest mistake and it wound up in the hands of one other patient, who immediately turned it into the clinic.
 
It sounds like an MA accidentally gave the letter to a different patient, not you. That was not within your control. While you do have to be cautious about patient info, most people would likely think the letter didn't print. Even if you asked around the office to check before printing a 2nd copy, no one would've found it. It's not your fault and you aren't going to get fired.
 
You’re fine. If anyone is at fault here, it’s the MA who didn’t look through a pile of papers to make sure they weren’t giving someone else’s PHI to a random patient…
 
This sort of thing happens alllllllll the time. Sending out these letters is what keeps the people in the privacy office employed. You weren't the only employee at the hospital who did something similar that day, guaranteed. It'll happen again to you actually, almost certainly, probably during residency. Even more scarily, statistically, you'll make BIGGER mistakes that actually harm people! This is the last you will hear of this one, however, from your PD or otherwise. As others have said, they care about intentional breaches (if at all), eg looking up Whitney Houston after she is admitted to your hospital following her OD. I'm a little more concerned that you feel so insecure/unneeded at your residency that the thought of them firing you would even cross your mind related to something like this.
 
Last edited:
There's usually a compliance committee that goes over stuff like this since it happens all the time. I'm on one for our hospital and it always results in education and not firing.
 
Oh yeah this is a nothingburger. The hospital by law has the notify the patient and they may make you do a module or something, but this isn’t what gets people fired. The hospital does have to show that they made some effort to prevent future occurrences so you and the MA might get assigned a module or something.

Firing usually happens with someone intentionally looking at a chart they shouldn’t be - like celebrities or coworkers or family. It also happens when people post about patients on social media - that seems a more common issue in recent years.
 
Giovanotto said:
Not true at my program. We're treated like attendings in our clinic, as we should...
Click to expand...

Must be nice.

In both residency and fellowship, I wasn’t able to delegate jack **** to anyone…and I think that’s a pretty common theme in many training programs. You are there primarily to be cheap labor, and even at “elite” places, they don’t want you to forget that.
 
dozitgetchahi said:
Must be nice.

In both residency and fellowship, I wasn’t able to delegate jack **** to anyone…and I think that’s a pretty common theme in many training programs. You are there primarily to be cheap labor, and even at “elite” places, they don’t want you to forget that.
Click to expand...
Oh trust me, they have other ways of staying on brand. But if you're going to ask residents to run a busy, customer service driven clinic, you better be set up to handle it. That means having support staff who residents can delegate to. Either way, I large part of it comes to sharing resources. I do think its ultimately up to you to explore your resources and seek help, there's nothing in your residency contract that stipulates you can't use support staff. Either way, I fully understand my program is the exception. I think a lot of community and many academic programs have a "residency clinic".
 
Giovanotto said:
Oh trust me, they have other ways of staying on brand. But if you're going to ask residents to run a busy, customer service driven clinic, you better be set up to handle it. That means having support staff who residents can delegate to. Either way, I large part of it comes to sharing resources. I do think its ultimately up to you to explore your resources and seek help, there's nothing in your residency contract that stipulates you can't use support staff. Either way, I fully understand my program is the exception. I think a lot of community and many academic programs have a "residency clinic".
Click to expand...

In general medicine clinic as a resident: under-resourced county hospital meant that there were few if any support staff available.

In bougie, “name brand” rheumatology fellowship clinic: we had support staff, and we used them, but they were seriously overwhelmed and there were way too few of them to do everything they were supposed to be doing. So the culture of the department was to make fellows (and even attendings!) step up and do a lot of scut work, including scheduling patient appointments, hounding the schedulers to actually schedule tests such as MRIs, chase labs, fax things, etc. I somehow did way more scut work in that fellowship than I even did as a resident.
 
dozitgetchahi said:
In general medicine clinic as a resident: under-resourced county hospital meant that there were few if any support staff available.

In bougie, “name brand” rheumatology fellowship clinic: we had support staff, and we used them, but they were seriously overwhelmed and there were way too few of them to do everything they were supposed to be doing. So the culture of the department was to make fellows (and even attendings!) step up and do a lot of scut work, including scheduling patient appointments, hounding the schedulers to actually schedule tests such as MRIs, chase labs, fax things, etc. I somehow did way more scut work in that fellowship than I even did as a resident.
Click to expand...
Damn, that's wild! Out of curiosity, were your inbox messages screened by clinic staff/nurses, or was every little thing going straight to you?
 
Giovanotto said:
Damn, that's wild! Out of curiosity, were your inbox messages screened by clinic staff/nurses, or was every little thing going straight to you?
Click to expand...

Everything was going straight to us.

Also, this was an institution that gave everyone a smartphone when we started, and we were “encouraged” to give the number out to sick patients when they left the hospital in case they had issues before we saw them in clinic. I quit doing that after several of these patients called me over and over again on weekends about stupid things.

I could not wait to be done with that fellowship. So. Much. Scutwork. And nonsense that we never ever should have been dealing with.
 
dozitgetchahi said:
Everything was going straight to us.

Also, this was an institution that gave everyone a smartphone when we started, and we were “encouraged” to give the number out to sick patients when they left the hospital in case they had issues before we saw them in clinic. I quit doing that after several of these patients called me over and over again on weekends about stupid things.

I could not wait to be done with that fellowship. So. Much. Scutwork. And nonsense that we never ever should have been dealing with.
Click to expand...
Unreal.
 
dozitgetchahi said:
Everything was going straight to us.

Also, this was an institution that gave everyone a smartphone when we started, and we were “encouraged” to give the number out to sick patients when they left the hospital in case they had issues before we saw them in clinic. I quit doing that after several of these patients called me over and over again on weekends about stupid things.

I could not wait to be done with that fellowship. So. Much. Scutwork. And nonsense that we never ever should have been dealing with.
Click to expand...

That would be a big hell no for me... No patient is ever getting my cell phone number.
 
ThoracicGuy said:
That would be a big hell no for me... No patient is ever getting my cell phone number.
Click to expand...

The culture was so warped that they encouraged everyone to hand out that number…it was just stupid. I was always walking around with two cell phones (mine and theirs) and I finally just started turning theirs off if I wasn’t on call so that I wouldn’t have to deal with that crap.
 
dozitgetchahi said:
The culture was so warped that they encouraged everyone to hand out that number…it was just stupid. I was always walking around with two cell phones (mine and theirs) and I finally just started turning theirs off if I wasn’t on call so that I wouldn’t have to deal with that crap.
Click to expand...

I bet none of the attendings gave out their numbers...
 
The cell phone stuff sounds like it might be part of a formal DBT program? Unfortunately maybe it's the only part they implemented? It can work, but my goodness it has to be under the strictest of processes and controls with extensive specific provider training or it will make things much, much worse for everyone.
 
ThoracicGuy said:
I bet none of the attendings gave out their numbers...
Click to expand...

Oddly enough, some did. And that was where that “suggestion” to hand out the number came from. A couple of “highly dedicated”, niche-focused attendings who would hand out their institutional cell phone number to patients that had their niche illnesses (probably for clinical trial recruiting, etc). And then it just gradually grew into everyone doing it, and eventually it was “suggested” that fellows do it too.

It was stupid.
 
dozitgetchahi said:
Oddly enough, some did. And that was where that “suggestion” to hand out the number came from. A couple of “highly dedicated”, niche-focused attendings who would hand out their institutional cell phone number to patients that had their niche illnesses (probably for clinical trial recruiting, etc). And then it just gradually grew into everyone doing it, and eventually it was “suggested” that fellows do it too.

It was stupid.
Click to expand...

Yeah, I wouldn't be a part of that circus...
 
Back to the original topic I could have sworn somewhat recently on the forum a couple tales of folks being disciplined harshly and one even immediately terminated over a HIPAA breach. But they were intentional and pretty egregious.
 
You must log in or register to reply here.

Similar threads

B
huge mistake!
Replies
1
Views
2K
sisyphus22
S
R
Protocol: Now that you've matched, what next??
Replies
16
Views
3K
Coordinator
Coordinator
R
Email PD of residency program that rejected you?
Replies
12
Views
15K
lowbudget
lowbudget
A
Are Community Programs Really that Competent?
Replies
13
Views
2K
automaton
A
Misterioso
Daddy, I want that residency!
Replies
33
Views
5K
3dtp
3
Top