HIPPA Breach??

This forum made possible through the generous support of SDN members, donors, and sponsors. Thank you.
Sometimes you can avoid that by just looking at "chief complaint" rather than opening the actual chart. Still a violation, but I'm not sure if most EMRs log you just looking at the bed assignments vs opening the charts.
 
keifernny2 said:
Sometimes you can avoid that by just looking at "chief complaint" rather than opening the actual chart. Still a violation, but I'm not sure if most EMRs log you just looking at the bed assignments vs opening the charts.
Click to expand...

It's still a problem, if the chief complaint is relevant. For example if a resident covering for ortho opens a chart because the chief complaint is a sports related injury, and looks at the initial imaging but for whatever reason never gets consulted, I think that's technically not allowed. But happens widely at most hospitals I've been at.

If you are on call and trying to decide if you have a few minutes to take a nap or grab some food, it's nice to know there aren't a couple of patients already in the ED with your name on them. Might even let you preemptively grab the consult early and nix wasteful imaging/studies that you would not otherwise want. It's not so much trolling for idle curiosity, you actually can plan your night better if you know what's brewing. But again, I think it's not allowed.
 
Last edited:
Law2Doc said:
It's still a problem, if the chief complaint is relevant. For example if a resident covering for ortho opens a chart because the chief complaint is a sports related injury, and looks at the initial imaging but for whatever reason never gets consulted, I think that's technically not allowed. But happens widely at most hospitals I've been at.

If you are on call and trying to decide if you have a few minutes to take a nap or grab some food, it's nice to know there aren't a couple of patients already in the ED with your name on them. Might even let you preemptively grab the consult early and nix wasteful imaging/studies that you would not otherwise want. It's not so much trolling for idle curiosity, you actually can plan your night better if you know what's brewing. But again, I think it's not allowed.
Click to expand...

It's definitely not allowed. We've had consulting service residents get scolded for showing up in the ED before we call.
 
I will sometimes be in the ER anyway doing something else and see a new consult pop up and before they get a chance to call I show up. 🙂 the ER docs like that. 😉
 
I legit thinking just glancing at the ED census and not opening any charts can't get you if you're legit on shift in the hospital. Most ED computer have that view already up on all the machines even patients walking by can see it.

The reasoning of glancing at the census to help with workflow is not compromising patient confidentiality and you are doing it to provide patient care.

If on the other hand you're not inpatient and just doing side chart review to line your pockets, different story
 
Crayola227 said:
I legit thinking just glancing at the ED census and not opening any charts can't get you if you're legit on shift in the hospital. Most ED computer have that view already up on all the machines even patients walking by can see it.

The reasoning of glancing at the census to help with workflow is not compromising patient confidentiality and you are doing it to provide patient care.

If on the other hand you're not inpatient and just doing side chart review to line your pockets, different story
Click to expand...
Glancing at the census isn't against the rules, but opening the charts of every patient with the CC of chest pain in case they might need a cards consult is. Not to say I haven't done it when I've been on cardiology or ICU (services it's easier to identify possible consults), but still possible to get bit.
 
I'll admit that I used to troll the ED census when I was moonlighting on the BMT service. I looked for frequent fliers that I knew well (usually because they were on the service the week before) and if they were in the ED, would check their chart before I tried to lie down for a bit. But I didn't just go opening up random charts.
 
The era of EMR has truly spawned the HIPPA violation. Prior to EMR, who could tell who was looking at your chart? I've heard the most ridiculous stories about ex's, selves, parents, etc. all getting busted into the Chief Compliance Officer's office for chart snooping. Whenever large pro-sports events happen here there is a pre-emptive "Don't Look" email sent out. I'm sure people are still looking. Human beings' willpower is weak and curiousity killed more than the cat.

Last week I had an MRI and didn't get a prompt call-back about the result. It took serious counseling from my physician wife for me not to log in and check it.
 
IMPD said:
The era of EMR has truly spawned the HIPPA violation. Prior to EMR, who could tell who was looking at your chart? I've heard the most ridiculous stories about ex's, selves, parents, etc. all getting busted into the Chief Compliance Officer's office for chart snooping. Whenever large pro-sports events happen here there is a pre-emptive "Don't Look" email sent out. I'm sure people are still looking. Human beings' willpower is weak and curiousity killed more than the cat.

Last week I had an MRI and didn't get a prompt call-back about the result. It took serious counseling from my physician wife for me not to log in and check it.
Click to expand...
It's a HIPAA violation to view your own records? I don't know that I can believe this.
 
hamstergang said:
It's a HIPAA violation to view your own records? I don't know that I can believe this.
Click to expand...
+/- your regular interpretation of HIPAA, but it's definitely a violation of hospital policy everywhere I've been at. Hospital policy is in almost all circumstances significantly more restrictive than the law, because they don't even want the resemblence of a possible violation.
 
IMPD said:
It is.
Click to expand...
Unless you can support that with something, I'm still not going to believe it. I've read quite a bit on what HIPAA actually says, and I can't find evidence that what you're saying is true. I certainly believe, as Raryn says, that it's likely a violation of hospital policy regardless of what hospital you're in, however.
 
Raryn said:
+/- your regular interpretation of HIPAA, but it's definitely a violation of hospital policy everywhere I've been at. Hospital policy is in almost all circumstances significantly more restrictive than the law, because they don't even want the resemblence of a possible violation.
Click to expand...
UPMC policy is that you can look at all your own stuff, EXCEPT anything mental health or HIV.
 
My institution you absolutely could look in your own chart. You weren't supposed to make edits. There was specifically a box for breaking the glass that said reason: personal record. As in, your personal record.

Read the hospital policies closely. I've checked up on patients I've personally cared for as a resident after they leave the hospital. Reason: educational purposes to track outcome. For each patient I did that I had a very specific and reasonable explanation. I could have written a short essay with citations and made it very much an academic circle jerk why. Read the policy closely and have a damn justifiable reason for doing it.

In fact, I asked the HIPAA officers at my institution about both of the above, looking at my own chart and that of patients I cared for but had an direct educational purpose for chart review, and it was OK'd. Without an OK and common sense I can see how some institutions may have more damaging policies.
 
Raryn said:
+/- your regular interpretation of HIPAA, but it's definitely a violation of hospital policy everywhere I've been at. Hospital policy is in almost all circumstances significantly more restrictive than the law, because they don't even want the resemblence of a possible violation.
Click to expand...

This

Hospitals come up with some dumb policies in order to ensure 100% compliance... and even then it usually doesn't work.
 
TooMuchResearch said:
My main institution allows us to view our records but not print.
Click to expand...

What's the point of that? They can't stop you from taking a screen shot and printing that out...not sure how a "no print" ability in the EMR will help anything if the record is allowed to be accessed.
 
Apollyon said:
UPMC policy is that you can look at all your own stuff, EXCEPT anything mental health or HIV.
Click to expand...

PA law regarding HIV testing/consent was a lot more strict than anywhere else I've ever been (meaning one other state...) so that doesn't surprise me.
 
I was one of those residents who knew a psych consult was coming before the assigned ED resident or attending did. A violation? probably. Though after a while you knew which charts to open in Cerner/FirstNet based on what the two word CC displayed as.

Psych patients were usually triaged to two or three of our more secluded rooms in the ED so I'd usually check those before going to bed or dealing with something else on the floors to make sure I wasn't going to get a page. The place I worked at for a number of reasons was unlikely to ever get a VIP in the ED but I did once open up a case that turned out to be a sexual assault of a local student, after that I became a lot more careful about which ones I opened.
 
Smurfette said:
What's the point of that? They can't stop you from taking a screen shot and printing that out...not sure how a "no print" ability in the EMR will help anything if the record is allowed to be accessed.
Click to expand...

No, it will still print. The policy is don't print your own records, get them from the records department if you need official documentation.
 
Crazy at my institution they claimed that the electronic access record would keep track of every record you printed, when, and what printer it went to. For sure, when you pulled it out of the printer at the bottom was timestamp of print, by who, and printer location. I figured if they could electric stamp all that onto the paper that teeny bit of data was also electronically stored. I had at one point figured out exactly how to access the access log of any patient to see what anyone else had done in the chart for any time frame. Another reason I always say be careful what you do in EHR matches up with claimed hours, or any other claim. Anyway, you'd think that would be good enough to see if you printed your own record. They probably don't want you to print your own records, doctor them (because, well, you're a doctor) and pass them off to a 3rd party as real. Chain of evidence I was told by an attorney once. (I never did this myself but apparently one of my colleagues did). So forbidding you to print your own and go through the office may be to discourage that I dunno.

Although oddly when backtracking orders one will see nonsensisical authors sometimes. That mostly happened with EHR Go Live. *Shivers*. Sorry, EHR digression.

This thread just goes to show how much EHR and hospital policy differ hospital to hospital, even under the same platform. It's been 5 years on the same one but like 5 different hospitals for me.
 
You must log in or register to reply here.

Similar threads

southwestpremed06
Accidental mistake that led to HIPAA breach
Replies
23
Views
6K
Crayola227
Crayola227
T
GME no longer paying for conference travel - is this a breach of contract?
Replies
6
Views
2K
Shikima
Shikima
S
ERAS security breach -- anyone else affected?
Replies
14
Views
5K
notinkansas
N
Top