Although staff may not perceive the following case scenarios as violations, they are examples of breaches of patient privacy under HIPAA.
1. An employee checks the medical record of a friend or family member, in order to see how they are doing. NOTE: Checking the medical record of any patient without a “Need To Know” to do your job is strictly prohibited. Simply having access to medical information does not give you the right to check a medical record of someone not connected to your job responsibilities.
2. After hours, outside of BWH, you are approached in a social setting and questioned about a celebrity recently admitted to BWH. You are asked what you know about the person and what they were admitted for. NOTE: You are not authorized to talk about any BWH patient out of curiosity. Access to medical information is only to perform your job.
3. An employee piggybacks use of the computer on another employee’s password. NOTE: Using the computer on another person’s access (key/password) is strictly prohibited (with the exception of IS approved Kiosk terminals). Once your work is completed on a computer, log off the computer or click the yellow lock at the bottom right of the computer screen to invoke the screen saver.
4. A staff member writes a specific diagnostic test or diagnosis next to a patient’s name on a communication board that is visible to visitors on a patient unit. NOTE: White boards with names of patients are permissible, but patient-specific information violates patient privacy.
5. A staff member leaves patient identifiable information on a table in the medical library for others to see. NOTE: Patient identifiable information should not be left for others to see. Think of it as your own personal information and properly dispose of copies (tear or shred them).
6. An employee discards copies of patient identifiable information in the trash or recycle bin safe. NOTE: Nothing special happens with the trash or recycle bin. Information is not gathered centrally and shredded hospital-wide. Before discarding copies of patient identifiable information, tear or shred the document, or at the very least, tear off the patient identifier from the document.
If you are not certain how your role will change as a result of HIPAA, contact your manager or supervisor.