Thursday, November 26, 2009

Just 'cause you work in a hospital...

Just last week I wondered how many healtcare workers didn't know they were affected by HIPAA. Apparently 16 workers at Ben Taub General, part of the Harris County Hospital District, didn't. The hospital district hasn't given specifics, but anonymous sources say they were looking up a 1st year resident who was shot in a robbery. One of the dismissed workers said, "I helped a doctor locate a patient/friend and that's it!”

The point these now unemployed workers missed is that no one not involved in the care of the patient is allowed to access those records without express permission of either the patient or the patients representative. This is the kind of breach that doesn't necessarily need public disclosure, but the patient needs to be notified. And the rest of the workers need a refresher in HIPAA, with a strong emphasis put on not accessing accounts you are not involved with and using the proper channels to access those you are. I don't want to allow any practice that could cause workers to relax their guard about using the proper channels to access patient records - even their own.

Which brings up another point. A comment on an earlier post said that current regulations require a report if a hospital employee looks up their own record. Hospital policy might require that - and it should at least require a refresher in proper policy - but other than going outside of protocol, looking at your own record is not a breach of HIPAA.