Running head: HIPPA IS BEING VIOLATED ON A DAILY BASIS

HIPPA is Being Violated on a Daily Basis
Anita Byarse
Axia College
Effective Persuasive Writing
Com 120
Carolyn Parker
Jul 23, 2006

HIPPA is Being Violated on a Daily Basis

On June 14, 2006 I went to the doctor’s office to pick up a friend and while I was sitting in the waiting area a woman came in and went to the front desk to check in. After a few minutes she was called to the back and when the ladies behind the desk seen that she was no longer in the waiting area they began to discuss her personal business. Need-less to say by the time I was ready to leave I knew the ladies name, what type of insurance she had that she owed them some money, what she was being seen for and I also knew just by how they discussed her that she was a regular there and not very liked. The whole time that I was there no-one bothered to close the privacy window and they discussed this patient’s information openly not caring if someone over heard them or not, which brings me to my point. HIPPA is being violated on a daily basis. One may be asking what is HIPPA and how does it work?

HIPPA stands for Health Insurance Portability and Accountability Act. HIPPA was signed into law by President Clinton on August 21, 1996 and went into effect on April 14, 2001. Prior to HIPPA there was no uniformity; rules and regulations varied from state to state and even from one healthcare organization to another. HIPPA requires that medical providers take steps to keep our health information private. It also requires that you are informed how the information that is gathered, how it is used and what some of the limits are as to what can be done with this information.

We will be discussing ways in which HIPPA is being violated and how you can take steps to ensure that your rights are not being violated and that your not violating someone else’s rights. More often then you can imagine Private Health Information (PHI) is being given out either by phone or in person and no-one seems to be verifying if this information can be given out or not. This may be due to a lack of concern, time, knowledge or maybe even training. Whatever the reason it could be your information or maybe even mine that is being given out so freely. An authorization form should be in your records giving an exact description of the information to be used or disclosed, the name or class of individuals who are authorized to use or disclose this information (Nawrocki, J., Journal of Health Care Compliance Nov/Dec, 2001). No-one should be giving out your records, test/lab results or discussing your diagnosis if you have not given them permission to do so. But if you think about it how often do you see that person behind the desk check to see if there is a consent form? We are not taking the time to ensure that we do not violate someone’s rights. Nor are we doing what it takes to make sure we are keeping their PHI private.

Many people do not realize that by not disposing of PHI correctly they are in violation of HIPPA as well as Federal Law. All printed information containing confidential information must be burned or shredded prior to disposal. This information is supposed to be kept in secure containers and not accessible to the public. But I see it day in and day out paper with PHI on it thrown into a regular trash can. Anyone can get a hold of this information and use it resulting in identity theft or maybe even fraud. Plus you run the risk of having a lawsuit brought against you or the company you work for. Here are a few examples of this type of violation. According to Salyer (2000) two health care organizations in Washington State were found discarding medical reports in unlocked dumpsters. Among the information found by reporters were patient’s names, addresses, social security numbers, and detailed descriptions of sensitive medical procedures. Another example according to Nerl & Wlazelek (2002) police in Wilson, Pennsylvania are investigating why medical records (including original copies of lab reports, drug reports and doctor’s examination notes) from Easton Hospital were found on the streets of Allentown, PA. All of the records had patient names and many included addresses and phone numbers. A hospital official stated that an internal investigation revealed a suspect or suspects responsible. If we would only take the time to properly dispose of paper that we know contained PHI all this can be avoided.

To give you a better understanding Private Health Information (PHI) is anything that contains your name, phone number, Social Security number, medical diagnosis, or any personal information about yourself. According to HIPPA all PHI is suppose to be kept in a secure location (your car or home is not considered secure because someone other then yourself may have access). But more often then not physicians as well as employees have been known to take PHI home. When I asked my coworker Penny why she took this information home with her she stated “I’m not able to finish it all before I get off so I take it home so that I can stay caught up.” Even though it is a violation of HIPPA it still happens. You may wondering what harm is it in taking this information home? Well, consider this, the information could be lost, if someone gets a hold of that information and reads it the persons whom information is being read has just had their privacy rights violated. We have to put ourselves in the other person’s shoes and ask ourselves would we want someone we do not know reading our PHI.

That brings me to my next point; employees should not be able to access other employees PHI unless it is necessary for them to do their job. (Vogt, 2004) Plus according to Vogt (2004) employees should not have access to their own electronic medical records but should instead be required to follow the same process as any other patient seeking access to his or her records. This can be prevented by restricting access to where PHI is being kept, designating only certain personnel access to where this information is being kept, and keeping a log of where someone’s PHI is being taken. As I stated earlier it is a violation of your privacy rights if someone who is not authorized to do so reads your PHI. And if you were to find out that this has been done then you could file a lawsuit against the person or persons responsible. Then if the knowingly obtained and disclosed your personal information they could face fines or imprisonment if found guilty. Look at this: a psychiatrist from New Hampshire was fined $1,000 for repeatedly looking at the medical records of an acquaintance without permission. (1999) Then according to Sink (2002) a jury in Waukesha, Wisconsin, found that an emergency medical technician invaded the privacy of an overdose patient when she told the patient’s co-worker about the overdose. The co-worker then told nurses at West Allis Memorial Hospital, where both she and the patient were nurses. The EMT claimed that she called the patient’s co-worker out of concern for the patient. The jury, however, found that regardless of her intentions, the EMT had no right to disclose confidential and sensitive medical information, and directed the EMT and her employer to pay $3,000 for the invasion of privacy. Another case according to Slevin (1999) a Washington DC jury ordered a local hospital to pay $25,000 for failing to keep a patient’s medical records confidential. Co-workers learned of the victim’s HIV status after an employee at the Washington Hospital Center revealed information in his medical record.

The last point that I would like to make is be aware of your surroundings when discussing confidential or PHI. The break room or cafeteria is not the place to be holding a conversation about someone’s PHI because you do not know who could walk up on you while this is being done. Always discuss any information behind closed doors and never in an open area. You have to keep in mind that someone may overhear your conversation and know the person of whom you are discussing.

In this day and time when we have to worry about identity theft and fraud we should have a peace of mind in knowing that whether on the job- or at your doctors office everything is being done to make sure that your PHI is being protected. HIPPA is being violated on a daily basis and many people do not even realize it. If we would take a little more time and be more conscious of what we are doing then fewer mistakes would be made. So my question to you is what are some steps you can take to make sure that you comply with HIPPA and that you’re not violating someone’s rights?

References
Nawrocki, J. (2001, Nov/Dec). Complying with consent, authorizations, and notice under HIPPA. Journal of Health Care Compliance, 3, p41, 3p 1bw. Retrieved June 20, 2006, from EBSCOhost database
Nerl, D., & Wlazelek, A. (2002, August 8). Patients' privacy breached. The Morning Call, Retrieved June 21, 2006, from http://wwwlhippa.com/examples.html
Salyer, S. (2000, June 18). Patients records found in unsecured dumpsters. The Daily Herald, Retrieved June 21, 2006, from http://www.hippa.com/examples.html
Sink, L. (2002, May 9). Jurors decide patient privacy was invaded. Milwaukee Journal Sentinel, Retrieved June 21, 2006, from http://www.hippa.com/examples.html
Slevin, P. (1999, December 30). Man wins suit over disclosure of HIV status. The Washington Post, Retrieved June 21, 2006, from http://www.hippa.com/examples.html
The Associated Press State & Local Wire (1999, May 5). Psychiatrist convicted of snooping in records. The Associated Press State & Local Wire, Retrieved June 21, 2006, from http://www.hippa.com/examples.html
Vogt, N. (2004, Nov/Dec). Privacy compliance: are we sending mixed messages? Journal of Health Care Compliance, 6, p34-35, 2p. Retrieved June 20, 2006, from EBSCOhost database