haapai
Junior Associate
Character
Joined: Dec 20, 2010 20:40:06 GMT -5
Posts: 5,983
|
Post by haapai on Aug 29, 2013 13:16:51 GMT -5
I'm supposed to be on vacation. Instead, I'm glued to my computer waiting to hear from the nice lady who works in the hospital's privacy department.
One of my coworkers has accused another coworker of breaking into his medical records and publicizing the results. The details are hazy (and I wouldn't share them anyways) but he alleges that she obtained access via a nurse friend and got his medical records from the biggest hospital around here. Then she told other people what she found.
There is some confirmation from the physician who employed the nurse that his records were compromised. (I haven't seen it, but that's a stupid thing to lie about.) Since the person whose records were accessed is not a patient of this physician, there is no good reason why his records were requested and viewed multiple times.
Other coworkers have been contacting the hospital and requesting an accounting of disclosures of their medical records. Almost everyone who has lived here for any amount of time has been treated at this particular hospital or had tests performed there. At least one other coworker has learned of a suspicious request for information but not the identity of the entity making the request.
The person who allegedly snooped in medical records was gone for several days and everyone either believed that she was fired or was actually told that she was no longer our problem. Now she's back. She might have just gotten a paid vacation out of this!
I'm so angry at this skank that I'm almost hoping that my records have been compromised in such a way as to nail her and her confederate to the wall. I want revenge so badly that it's almost worth shelling out for credit locks and credit reporting services for the rest of my life.
|
|
Rocky Mtn Saver
Junior Associate
Joined: Dec 23, 2010 9:40:57 GMT -5
Posts: 7,461
|
Post by Rocky Mtn Saver on Aug 29, 2013 13:24:24 GMT -5
Just out of curiosity, were the 'he' and the 'she' involved in a relationship, by any chance? This seems like the kind of thing that happens when relationships go sour.
|
|
haapai
Junior Associate
Character
Joined: Dec 20, 2010 20:40:06 GMT -5
Posts: 5,983
|
Post by haapai on Aug 29, 2013 13:31:00 GMT -5
No. They were never friends or friends with benefits.
|
|
Rocky Mtn Saver
Junior Associate
Joined: Dec 23, 2010 9:40:57 GMT -5
Posts: 7,461
|
Post by Rocky Mtn Saver on Aug 29, 2013 13:35:42 GMT -5
Well, they're never gonna be now!
|
|
Rocky Mtn Saver
Junior Associate
Joined: Dec 23, 2010 9:40:57 GMT -5
Posts: 7,461
|
Post by Rocky Mtn Saver on Aug 29, 2013 13:36:43 GMT -5
Any idea why this person is going to so much effort to dig into the guy's medical file? Just bored?
|
|
Shooby
Senior Associate
Joined: Jan 17, 2013 0:32:36 GMT -5
Posts: 14,782
Mini-Profile Name Color: 1cf04f
|
Post by Shooby on Aug 29, 2013 13:37:37 GMT -5
Well, i am not sure that Hippa applies. People seem to think that Hippa applies to everyone. It only applies under certain conditions. Not sure if it does here or not.
|
|
haapai
Junior Associate
Character
Joined: Dec 20, 2010 20:40:06 GMT -5
Posts: 5,983
|
Post by haapai on Aug 29, 2013 13:40:02 GMT -5
No, they'll never be friends.
Rocky, when you think of the worst thing that someone could find in a person's medical records and disclose, what is the first thing that comes to mind?
Yeah, it was that. He'll probably be leaving this small town soon.
|
|
Rocky Mtn Saver
Junior Associate
Joined: Dec 23, 2010 9:40:57 GMT -5
Posts: 7,461
|
Post by Rocky Mtn Saver on Aug 29, 2013 13:42:12 GMT -5
No, they'll never be friends. Rocky, when you think of the worst thing that someone could find in a person's medical records and disclose, what is the first thing that comes to mind? Yeah, it was that. He'll probably be leaving this small town soon.
|
|
movingforward
Junior Associate
Joined: Sept 15, 2011 12:48:31 GMT -5
Posts: 8,385
|
Post by movingforward on Aug 29, 2013 13:45:06 GMT -5
No, they'll never be friends. Rocky, when you think of the worst thing that someone could find in a person's medical records, what is the first thing that comes to mind? Yeah, it was that. He'll probably be leaving this small town soon. If there is any way to verify this person pursued another person's medical records and shared that information then I would fire her immediately. Also, HIPAA should apply in this situation and that nurse should be fired as well.
|
|
Shooby
Senior Associate
Joined: Jan 17, 2013 0:32:36 GMT -5
Posts: 14,782
Mini-Profile Name Color: 1cf04f
|
Post by Shooby on Aug 29, 2013 13:45:52 GMT -5
I'm not a HIPAA expert, but I'm pretty sure an employee gaining access to someone's medical files and sharing it with someone other than allowed by law is pretty much the definition of HIPAA... I don't know if it applies. You would have to call the hotline or talk to a lawyer. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules. If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules. www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html
|
|
mmhmm
Administrator
It's a great pity the right of free speech isn't based on the obligation to say something sensible.
Joined: Dec 25, 2010 18:13:34 GMT -5
Posts: 31,770
Today's Mood: Saddened by Events
Location: Memory Lane
Favorite Drink: Water
|
Post by mmhmm on Aug 29, 2013 13:48:12 GMT -5
If, indeed, the doctor's employee (the nurse) accessed the records of a patient (whether of her employer, or a hospital, or anybody else who provided medical care/service to this individual) and shared that information with anyone without a HIPAA-approved need to know, HIPAA was violated. There's no question of that. I'm truly sorry for the victim, haapai. This really does need to be resolved and justice meted out to whomever decided it was okay to snoop and share. If this sort of thing is just glossed over, it will continue to happen.
|
|
Shooby
Senior Associate
Joined: Jan 17, 2013 0:32:36 GMT -5
Posts: 14,782
Mini-Profile Name Color: 1cf04f
|
Post by Shooby on Aug 29, 2013 13:49:58 GMT -5
You would think the snoops would realize that everything you do on a computer can be traced back.
|
|
movingforward
Junior Associate
Joined: Sept 15, 2011 12:48:31 GMT -5
Posts: 8,385
|
Post by movingforward on Aug 29, 2013 13:52:19 GMT -5
If, indeed, the doctor's employee (the nurse) accessed the records of a patient (whether of her employer, or a hospital, or anybody else who provided medical care/service to this individual) and shared that information with anyone without a HIPAA-approved need to know, HIPAA was violated. There's no question of that. I'm truly sorry for the victim, haapai. This really does need to be resolved and justice meted out to whoever decided it was okay to snoop and share. If this sort of thing is just glossed over, it will continue to happen. My company actually does continuing education in the medical field and one of the regular topics is HIPAA violations. It is a BIG deal. This nurse must be a total idiot...
|
|
Sharon
Senior Associate
Joined: Dec 19, 2010 22:48:11 GMT -5
Posts: 11,285
|
Post by Sharon on Aug 29, 2013 13:52:22 GMT -5
If, indeed, the doctor's employee (the nurse) accessed the records of a patient (whether of her employer, or a hospital, or anybody else who provided medical care/service to this individual) and shared that information with anyone without a HIPAA-approved need to know, HIPAA was violated. There's no question of that. I'm truly sorry for the victim, haapai. This really does need to be resolved and justice meted out to whoever decided it was okay to snoop and share. If this sort of thing is just glossed over, it will continue to happen. The hospital could also be in trouble for security violations for not having procedures in place to know that someone has improperly accessed another person's information or for the information being passed along/leaving the premises without being secured. ETA: The co-worker who allegedly obtained the information could possibly/potentially be on the hook for HIPAA if they were in HR and the company self insures etc. There are instances were an employer can be a covered entity based on how insurance coverage is handled.
|
|
haapai
Junior Associate
Character
Joined: Dec 20, 2010 20:40:06 GMT -5
Posts: 5,983
|
Post by haapai on Aug 29, 2013 13:53:29 GMT -5
Yes, both the skank and the nurse should be fired. That does not appear to be happening.
It's also unclear exactly how much information was required to obtain the records. Was a name and an access code all that it took or was a DOB, Soc., or patient number also required?
|
|
mmhmm
Administrator
It's a great pity the right of free speech isn't based on the obligation to say something sensible.
Joined: Dec 25, 2010 18:13:34 GMT -5
Posts: 31,770
Today's Mood: Saddened by Events
Location: Memory Lane
Favorite Drink: Water
|
Post by mmhmm on Aug 29, 2013 13:55:27 GMT -5
You would think the snoops would realize that everything you do on a computer can be traced back. Yes, you certainly would. However, this wouldn't be the first time something like this has happened. Unfortunately, we don't have a cure for stupidity; nor, do we have a cure for vicious nosiness.
|
|
Nazgul Girl
Junior Associate
Babysitting our new grandbaby 3 days a week !
Joined: Dec 25, 2010 23:25:02 GMT -5
Posts: 5,913
Today's Mood: excellent
|
Post by Nazgul Girl on Aug 29, 2013 13:55:28 GMT -5
Well, i am not sure that Hippa applies. People seem to think that Hippa applies to everyone. It only applies under certain conditions. Not sure if it does here or not. Oh brother, Shooby. If you worked at a hospital or any medical institution, you would know that it does apply in this case, and is a criminal violation. You can't do that kind of thing. Why do you think it doesn't apply in this case ? Just curious.
|
|
movingforward
Junior Associate
Joined: Sept 15, 2011 12:48:31 GMT -5
Posts: 8,385
|
Post by movingforward on Aug 29, 2013 13:55:39 GMT -5
Yes, both the skank and the nurse should be fired. That does not appear to be happening. It's also unclear exactly how much information was required to obtain the records. Was a name and an access code all that it took or was a DOB, Soc., or patient number also required? I take it the skank was out to get this person, just being nosy or what? I just can't imagine why a person would do that to someone.
|
|
Sharon
Senior Associate
Joined: Dec 19, 2010 22:48:11 GMT -5
Posts: 11,285
|
Post by Sharon on Aug 29, 2013 13:56:05 GMT -5
If this is reported to CMS (centers for medicare/medicaid services) they will do an investigation of the hospital and if they find a violation the hospital will be on the hook for some hefty fines. In some instances all it takes to be found guilty is the fact that they can't prove that the violation didn't take place.
|
|
mmhmm
Administrator
It's a great pity the right of free speech isn't based on the obligation to say something sensible.
Joined: Dec 25, 2010 18:13:34 GMT -5
Posts: 31,770
Today's Mood: Saddened by Events
Location: Memory Lane
Favorite Drink: Water
|
Post by mmhmm on Aug 29, 2013 13:57:41 GMT -5
Yes, both the skank and the nurse should be fired. That does not appear to be happening. It's also unclear exactly how much information was required to obtain the records. Was a name and an access code all that it took or was a DOB, Soc., or patient number also required? It's possible the nurse isn't the one who did this. I did see a case where a nurse's login information was used in this manner without her knowledge. Fortunately, for her, she was able to exonerate herself by showing she wasn't at the computer at the time the record was accessed. The person who was guilty was caught. She'd gotten the nurse's login information by surreptitiously watching her login.
|
|
shanendoah
Senior Associate
Joined: Dec 18, 2010 19:44:48 GMT -5
Posts: 10,096
Mini-Profile Name Color: 0c3563
|
Post by shanendoah on Aug 29, 2013 14:00:38 GMT -5
The nurse violated HIPAA. Unless haapai also works in the medical field (for a provider or insurer), the co-worker did not violate HIPAA, simply shared information that she had learned with (apparently) malicious intent. (Which is not a crime, as far as I know.)
But that's only if the coworker being accused actually did what she's being accused of. It is very possible that she is back because an investigation was conducted and no evidence of her being involved was found.
It very well be that the one co-worker, finding his reputation ruined, is striking out at random to ruin another person's reputation.
|
|
mmhmm
Administrator
It's a great pity the right of free speech isn't based on the obligation to say something sensible.
Joined: Dec 25, 2010 18:13:34 GMT -5
Posts: 31,770
Today's Mood: Saddened by Events
Location: Memory Lane
Favorite Drink: Water
|
Post by mmhmm on Aug 29, 2013 14:22:24 GMT -5
We don't need the details here, Rukh, and haapai shouldn't be put in the position of having to discuss this at that level.
|
|
haapai
Junior Associate
Character
Joined: Dec 20, 2010 20:40:06 GMT -5
Posts: 5,983
|
Post by haapai on Aug 29, 2013 14:24:50 GMT -5
The skank did not work in HR. If a social security number or date of birth was required to pull this off, she didn't obtain them as part of her job.
There's definitely a part of me that leans toward shenandoah's explanation. The alleged crime is trite and clumsy and the connections have not been spelled out well.
Checking out whether my own records have been accessed is about the only way that I can search for answers. If I find unauthorized access, I'll get a better idea what's up. If I don't find snooping, I will probably never know who was telling the truth.
|
|
HoneyBBQ
Junior Associate
Joined: Dec 27, 2010 10:36:09 GMT -5
Posts: 5,395
Mini-Profile Background: {"image":"","color":"3b444e"}
|
Post by HoneyBBQ on Aug 29, 2013 14:41:32 GMT -5
Well, i am not sure that Hippa applies. People seem to think that Hippa applies to everyone. It only applies under certain conditions. Not sure if it does here or not. I'm not sure what you're talking about. EVERY PATIENT HAS HIPAA RIGHTS. Even infants or senile grandparents. Under NO circumstances EVER is it allowed to look up a random person's medical history let ALONE publicize the results.
|
|
HoneyBBQ
Junior Associate
Joined: Dec 27, 2010 10:36:09 GMT -5
Posts: 5,395
Mini-Profile Background: {"image":"","color":"3b444e"}
|
Post by HoneyBBQ on Aug 29, 2013 14:44:49 GMT -5
If this is reported to CMS (centers for medicare/medicaid services) they will do an investigation of the hospital and if they find a violation the hospital will be on the hook for some hefty fines. In some instances all it takes to be found guilty is the fact that they can't prove that the violation didn't take place. Not necessarily. If the employee went rouge and there were policies, procedures, and appropriate training in place, I doubt the hospital would be fined (but if they don't fire her.... that may be an issue). But I don't just think they'd be fine just from the incident itself.
|
|
HoneyBBQ
Junior Associate
Joined: Dec 27, 2010 10:36:09 GMT -5
Posts: 5,395
Mini-Profile Background: {"image":"","color":"3b444e"}
|
Post by HoneyBBQ on Aug 29, 2013 14:46:10 GMT -5
The skank did not work in HR. If a social security number or date of birth was required to pull this off, she didn't obtain them as part of her job. There's definitely a part of me that leans toward shenandoah's explanation. The alleged crime is trite and clumsy and the connections have not been spelled out well. Checking out whether my own records have been accessed is about the only way that I can search for answers. If I find unauthorized access, I'll get a better idea what's up. If I don't find snooping, I will probably never know who was telling the truth. You should definitely request/demand a search be done on your behalf.
|
|
HoneyBBQ
Junior Associate
Joined: Dec 27, 2010 10:36:09 GMT -5
Posts: 5,395
Mini-Profile Background: {"image":"","color":"3b444e"}
|
Post by HoneyBBQ on Aug 29, 2013 14:47:16 GMT -5
PS this scenario make me irrationally (or probably actually rationally) angry for the victim.
|
|
haapai
Junior Associate
Character
Joined: Dec 20, 2010 20:40:06 GMT -5
Posts: 5,983
|
Post by haapai on Aug 29, 2013 15:13:23 GMT -5
I'm secretly hoping that my records have been accessed without authorization and the test results found so boring that the snoop has tried to get my medical records from the referring doc.
If an attempt to get records from the referring physician was made and a different procedure and/or code was used, the nurse's "I was hacked"/"I was fooled"/"I made one mistake" argument is proved to be bogus.
It's utterly irrational to hope that my name, date of birth, social security number, and my entire gynecological history is in the hands of an evil, vindictive person but it's what I'm hoping for.
|
|
Deleted
Joined: Oct 7, 2024 4:29:04 GMT -5
Posts: 0
|
Post by Deleted on Aug 29, 2013 17:36:27 GMT -5
HoneyBBQ said: I know this is a typo but my twisted little brain finds it funny. "Guilty" written all over her face!
|
|
HoneyBBQ
Junior Associate
Joined: Dec 27, 2010 10:36:09 GMT -5
Posts: 5,395
Mini-Profile Background: {"image":"","color":"3b444e"}
|
Post by HoneyBBQ on Aug 30, 2013 11:22:31 GMT -5
HoneyBBQ said: I know this is a typo but my twisted little brain finds it funny. "Guilty" written all over her face! DAMMIT JANET! LOL. The funniest thing was I actually looked it up on dictionary.com before I typed it to make sure that I was typing it correctly and then my brain un-did the correction and put it back like this. R O G U E. There. Of course, I'd blush too if I were such a HIPAA violating moron!
|
|