Monday, February 13, 2017

HIPAA violations

I don't understand HIPAA. I mean, I do understand it, but I don't always understand why one thing violates it while another doesn't. For example, when I go to the doctor's office and they call out my entire name in the waiting room, isn't that a violation?

I was in the middle of a phone call yesterday that somebody at work claimed was a violation, but I'm sure that it was not. I was calling the daughter of a patient of mine per her request, and even though there was no voicemail message, I left the following message:

"Hi, this is Dr. Fizzy.  I'm calling about your mother. She's doing great, but I just wanted to touch base with you about her care. Please call me back at 555-5555."


I can't for the life of me figure out how this violates HIPAA, but feel free to educate me.

15 comments:

  1. If you were calling the daughter at the request of the patient, it wasn't a HIPAA violation: the patient gave you permission to share the information with a specific individual. It could have been a violation if you mis-dialed and left a message including the patient's name at a wrong number, but I don't think it would be a violation if you mis-dialed and said, "your mother" instead of the patient's name. "Your mother" isn't personally identifiable information.

    And if they call out your whole name in the office, it is a violation. First names, yes; last names, no.

    1. I fail to see how calling out a full name in a waiting room is a HIPAA violation; it's not as if your name is privileged information that discloses such personal information as your health status, SS#, etc.

    2. But if it is, say, a multiple sclerosis specialist, that gives the people in the room a lot of information about you.

    3. I just learned something! I have always hated that some child who works in the doctor's office calls me by my first name. While I'd like to say, "Mrs. X to you," I don't want to start anything so I just seethe. Now I find out using my last name would be a HIPAA violation. (I think HIPAA's rules are often arbitrary, annoying and often ignored, but I at least understand making an attempt to comply with it.)

    4. The best link is https://www.hhs.gov/hipaa/for-professionals/privacy/.

      To address specific questions:
      https://www.hhs.gov/hipaa/for-professionals/faq/disclosures-to-family-and-friends

      https://www.hhs.gov/hipaa/for-professionals/faq/199/may-health-care-providers-use-sign-in-sheets/index.html

      I would highly suggest you review HITECH also. HHS not only does HIPAA but HITECH applies in circumstances that follow along with HIPAA.


    5. It wouldn't occur to me to address another adult as "Mrs. X" except maybe if I was joking with a friend. Or sending a wedding invitation. That's a level of formality that isn't common in my part of the country. The only people I would address as Mr./Mrs. are people who were friends of my parents when I was a child. (New friends who they make now, I think of by their first names.)

  2. Not being a medical person, sounds like HIPAA is being used as a convenient excuse to hide behind at times.

  3. Because on the message you should only say, "This is Dr. Fizzy, please call me at your earliest convenience at 817-555-5555," etc. In case someone else listens to the message they now know that the person is in the hospital and you are her dr... Also, if the person at work had no direct need to know about that particular patient's information, i.e. for billing, scheduling, etc., then they shouldn't have heard also. It's a need-to-know basis for coworkers as well.

    1. But I didn't use any names at all, aside from mine. And the message was on a cellphone not a work number.

      I say the other stuff so the person won't be scared when they hear the message.

    2. (The person at work who overheard was another physician consulting on the patient.)

    3. If you didn't use names and the coworker was a consulting doc then I agree with you.

  4. You were fine. It was by the patient's request. No worries. You could have left even detailed information if you knew the number was definitely hers.

  5. My guess is that the coworker didn't know it was per pt request.

    PS. I was at an urgent care recently and all the pts had to come up to the receptionist and state why they are there. Everyone could hear it. I think the real HIPAA problems are with the administrative staff, rather than healthcare personnel.

  6. Sounds like you were fine - and an oddly overly conscientious consultant. I mean, who really thinks these scenarios are bad for patients? ... Also another scenario - HIV clinic - calling out a patient's full name - not very nice.

  7. The only thing I can think of that would be a HIPAA*** violation was that you left the message on the voice mail/answering machine??? When I start w/ a new doc one of the questions they ask is, "May we leave a message on your voice mail/answering machine?" Other than that, I'm not sure, especially since your patient asked you to make the call. Did you ask the person what the HIPAA violation was?

    I agree about using a full name in a doc's office. Many years ago I had to see a hemo/onc doc but not for the reason you would normally see one. I was called by my first/last name and the aunt of one of my students was in the office as well (I didn't know her but she knew of me). By the next day, my email, voice mail & those of my current administrators were blowing up because they heard that I was ill and being seen by hemo/onc doctor! It got so out of hand that many of my students "found out," too!

    *** HIPAA: I wonder when people (including med personnel) will figure out that it's HIPAA and NOT HIPPA?
