HIPAA what happened?

This forum made possible through the generous support of SDN members, donors, and sponsors. Thank you.
Members don't see this ad.
Here we go:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html

Permitted Uses and Disclosures. A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) Opportunity to Agree or Object; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities; and (6) Limited Data Set for the purposes of research, public health or health care operations.18 Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make.

(1) To the Individual. A covered entity may disclose protected health information to the individual who is the subject of the information.

(2) Treatment, Payment, Health Care Operations. A covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities.19 A covered entity also may disclose protected health information for the treatment activities of any health care provider, the payment activities of another covered entity and of any health care provider, or the health care operations of another covered entity involving either quality or competency assurance activities or fraud and abuse detection and compliance activities, if both covered entities have or had a relationship with the individual and the protected health information pertains to the relationship. See additional guidance on Treatment, Payment, & Health Care Operations.


Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another.20


Payment encompasses activities of a health plan to obtain premiums, determine or fulfill responsibilities for coverage and provision of benefits, and furnish or obtain reimbursement for health care delivered to an individual21 and activities of a health care provider to obtain payment or be reimbursed for the provision of health care to an individual.

Health care operations are any of the following activities: (a) quality assessment and improvement activities, including case management and care coordination; (b) competency assurance activities, including provider or health plan performance evaluation, credentialing, and accreditation; (c) conducting or arranging for medical reviews, audits, or legal services, including fraud and abuse detection and compliance programs; (d) specified insurance functions, such as underwriting, risk rating, and reinsuring risk; (e) business planning, development, management, and administration; and (f) business management and general administrative activities of the entity, including but not limited to: de-identifying protected health information, creating a limited data set, and certain fundraising for the benefit of the covered entity.22
Click to expand...
 
"'Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another"

thanks for posting this, docB.

HIPAA allows a wide degree of latitude- a direct doctor-patient relationship is not required to access records. Individual institutions/hospitals can have more restrictive policies if they desire.
 
michaelrack said:
HIPAA allows a wide degree of latitude- a direct doctor-patient relationship is not required to access records. Individual institutions/hospitals can have more restrictive policies if they desire.
Click to expand...

That is really the crux of all this. HIPAA isn't that restrictive. It is armed with heavy fines though. Those fines caused institutions to enact very restrictive policies. Those policies are really the hated HIPAA that everyone in the field refers to.
 
Buzz Me said:
But how long would it take for the pathologists to read through every single H&P for every single case going on that day?!

Seems inefficient.
Click to expand...

My typical routine: Look at the cases, pick out the 10% or so that I think are going to get frozens. I like to be prepared, so I look at some imaging (not all), labs if useful (tumor markers) and maybe a note or two. Certainly not all the H&Ps- most notes are useless anyway.
 
Arch Guillotti said:
I surf charts sometimes. Usually I don't even look at the name. If I did happen to look at the name and recognize it, I would not look under any circumstances.

I may have to rethink my practice.
Click to expand...
At least twice at my med school, I was looking at lists that I was allowed to be looking at (in fact, the only way to get to certain patient info was via this) that showed me something about a med student or resident I knew. I didn't open up their file or anything, but it had a few code words following it. In both cases, it was very easy to figure out what they were having done and why. I thought it could have been more appropriately concealed.

oldbearprofessor said:
The L & D board is situated in a place that only staff can see it, but includes identifying information and, at times, somewhat "personal" information.
Click to expand...
Yep, like recognizing an attending's name (who was coming in as a patient, and why)...


I've even looked at the OR board and recognized friends/co-workers who were getting an operation, on quite a few occasions actually, at several different hospitals.
 
Doctor Bagel said:
That's pretty much a huge deal to look at records of your colleagues. IMO, about one of the most grossly unprofessional things a person can do and should be reported.
Click to expand...
What about when you have to care for one of them? 😉

I just hope I don't get appendicitis in the next 4 years, because there's no other hospital even close to me that's covered by my insurance, so I'd be coming here.


QofQuimica said:
Not sure if you specifically are referring to my comments, but what we were warned about is that we are not allowed to continue to follow the patient through the EMR after we are no longer involved in their care. They didn't specifically say that we couldn't look at the portions of the chart we had available while we were on the rotation, although I for one wouldn't be trying it without written permission.
Click to expand...
I think if you are an EM physician/resident, and you care for a patient and then consult a service that subsequently admits that patient, it is reasonable (and wise) to see what the consulting service did with the patient that you were caring for (in this hospital admission). If you see a patient with belly pain, suspect it's appendicitis and consult surgery, who then takes the patient to the OR, it would be very beneficial for you to know if they actually found something quite different.
 
TheProwler said:
I think if you are an EM physician/resident, and you care for a patient and then consult a service that subsequently admits that patient, it is reasonable (and wise) to see what the consulting service did with the patient that you were caring for (in this hospital admission). If you see a patient with belly pain, suspect it's appendicitis and consult surgery, who then takes the patient to the OR, it would be very beneficial for you to know if they actually found something quite different.
Click to expand...
I agree completely that being able to follow up on admitted patients would be beneficial to the ER resident/attending in terms of them being able to improve their practice. In fact, it would beneficial to residents in all specialties to be able to follow up on patients who were sent to other services and/or remained on the previous service after the resident rotates off that service. However, the issue I'm talking about here is whether doing this will run afoul of institutional regulations and/or HIPAA itself. As I said, my med school's affiliated hospital did not allow us to follow patients once we were no longer involved in their care. So when I got off surgery and started on medicine, I was not allowed to keep following my remaining surgery patients via the EMR to see how they did, regardless of the fact that it would almost certainly have benefited my education.
 
QofQuimica said:
I agree completely that being able to follow up on admitted patients would be beneficial to the ER resident/attending in terms of them being able to improve their practice. In fact, it would beneficial to residents in all specialties to be able to follow up on patients who were sent to other services and/or remained on the previous service after the resident rotates off that service. However, the issue I'm talking about here is whether doing this will run afoul of institutional regulations and/or HIPAA itself. As I said, my med school's affiliated hospital did not allow us to follow patients once we were no longer involved in their care. So when I got off surgery and started on medicine, I was not allowed to keep following my remaining surgery patients via the EMR to see how they did, regardless of the fact that it would almost certainly have benefited my education.
Click to expand...

I am absolutely certain this doesn't violate HIPAA. I guess it's possible that you had a very idiotic institutional policy in place (although it's also possible for people to misrepresent policy to medical students).
 
QofQuimica said:
I agree completely that being able to follow up on admitted patients would be beneficial to the ER resident/attending in terms of them being able to improve their practice. In fact, it would beneficial to residents in all specialties to be able to follow up on patients who were sent to other services and/or remained on the previous service after the resident rotates off that service. However, the issue I'm talking about here is whether doing this will run afoul of institutional regulations and/or HIPAA itself. As I said, my med school's affiliated hospital did not allow us to follow patients once we were no longer involved in their care. So when I got off surgery and started on medicine, I was not allowed to keep following my remaining surgery patients via the EMR to see how they did, regardless of the fact that it would almost certainly have benefited my education.
Click to expand...

That is stupid, and I doubt the general public would want that for their (future) doctors. Someone looking in a chart for fun or to snoop is quite different than a med student or resident following up on a patient.
 
You must log in or register to reply here.

Similar threads

R
  • Locked
Possible HIPAA violation and consequences?
Replies
19
Views
4K
RangerBob
RangerBob
southwestpremed06
Accidental mistake that led to HIPAA breach
Replies
23
Views
6K
Crayola227
Crayola227
T
What medical specialty has the least amount of "office politics" in residency and attending?
Replies
12
Views
2K
Neuronix
Neuronix
M
  • Locked
Physicians- What do you think about podiatry?
Replies
8
Views
3K
Mum
M
I
I made a mistake, what repercussions should I expect?
Replies
15
Views
5K
AlbinoHawk DO
AlbinoHawk DO
Top