Is it a violation?
Jim leaves his work computer unlocked while he goes to lunch.
HIPAA violation?
Dr. Friend is in the hospital's public elevator with Ms. Tari and they start to discuss Mr. Cruz's treatment for a blood clot.
HIPAA violation
Miss Gab's levothyroxine was part of a drug recall. You call to tell her this and ask her to return the medication to the pharmacy, but you receive her voicemail. You check in the computer system and it indicates that it is OK to leave a message, so you leave her a message saying, "Miss Gab, this is Nate at the pharmacy and I'm calling to tell you about your medication. Please call us back at 303-123-4567."
NOT a HIPAA violation
A son runs into the hospital and asks you what room his mother is in so he can visit. He says she was just admitted via the ER. You look in the computer system and see he is listed as her POA, so you tell him how to find her room.
NOT a HIPAA violation.
Your neighbor came up to your pharmacy counter to pick up her medication to treat herpes. When you get home that night, you tell your husband about the herpes medication and gossip about your neighbor and her husband.
HIPAA violation
A patient calls to ask about if a cut she has on her hand might be infected. She wants to send you pictures to your cell phone. You give her your cell number and then call her back once you get the pictures to tell her it does look infected and to see her doctor.
HIPAA violation (If you don't have a workplace mobile device that is HIPAA compliant).
An 18-year-old girl's mother comes into the pharmacy and asks if she can see her daughter's medication list. The technician looks in the computer and does not see a HIPAA release, so she tells the mother she cannot provide that information.
NOT a HIPAA violation?
You work at a hospital and one of the floor nurses asks if she can get your cell number so she can text you when she needs a medication sent to her for one of her patients.
HIPAA violation
You are the owner of a medical clinic. A nurse that works in your clinic sees a local politician in your office. She takes a picture of the politician with you at the clinic and posts it to her Facebook page saying, "Look who came in our clinic today!" Within an hour the spouse of the politician calls angry and a few hours later the politician's lawyer calls. Who is responsible for the nurse's actions?
You, as the clinic owner, and the nurse.
A famous movie star has been admitted to the hospital. Cynthia, a new pharmacy tech, wants to tell her best friend about this exciting news!
HIPAA violation.
You work at a retail pharmacy in a grocery store. Mr. Davis dropped off his prescription and said he wanted to pick it up ASAP. When the prescription is ready you notice he is not in the pharmacy area. You use the store's overhead paging system to call him back, saying "Mr. Davis please come back to the pharmacy."
NOT a HIPAA violation
Three days after surgery, a patient notices redness and pain near the surgical site. She does not have a ride to come into your clinic, so she sends you pictures via email. What do you do if a patient sends you unsolicited (you didn't ask for these) pictures via non-secure email (or text)?
Print out the photos for her medical record then delete the email/texts? Deleted emails/texts may still show up in a trash folder, so make sure that you delete from the trash as well.
Mr. Brown requests his medication list be faxed to his doctor's office. You fax it over but receive a phone call that you faxed it to a McDonalds.
HIPAA violation?
Ms. Tari leaves her work computer unlocked while she quickly walks over to her boss's office, which is next door. Her co-worker, Dr. Friend, looks in her computer when no one sees to see if their boss is taking any psychotropic medication. Who will most likely get in trouble for this?
Ms. Tari.
A 40-year-old male patient is getting medications from you for his cancer treatment. His mother is also a patient and is his personal representative (or power of attorney). One visit, mom asks about her son and since you are pretty sure there's a HIPAA release for her to have the son's information, you provide it. You later see that mom is not listed on the son's HIPAA form, and the son calls you upset that you discussed his care with his mom. Later he files a lawsuit and tells you he will file a report with the Office of Civil Rights. Did you do anything wrong?
The Federal Government understands that a patient's representative (or POA) is entitled to a release of his medical records unless the patient has specified in writing that they don't want the POA notified of something, you are within your rights to disclose information to the POA without penalty