Complying with the Health Insurance Portability and Accountability Act (HIPAA) regulations while also maintaining policies and protecting health information is a tricky juggling act, but a recent case involving a medical provider shows how it can be done successfully.
The medical center in the case is part of a larger health system. Its operating room secretary had been with the practice for more than three decades. As part of her duties, she had access to a system containing protected health information (PHI) including social security numbers, insurance information, and dates of birth. However, the employee did not have access to patient medical charts. Several employees also happened to be patients of the medical center.
The secretary twice accessed the system storing the phone numbers of employees. Typically, this information is kept on a clipboard in the operating room, but that clipboard had seemingly disappeared on both occasions when the woman accessed the employee records. Using privacy monitoring technology, both instances of the secretary accessing the records were recorded.
After an investigation, the secretary said she had a legitimate need to access the records for business because she wanted to know whether the employee was coming to work for the day. However, it was revealed by the secretary’s supervisor that this was not part of her job responsibilities nor was she given permission to access the system.
The secretary was ultimately terminated due to violating policies, but she filed a claim alleging age discrimination was the reason behind her termination, not the violations. However, her employer had clear and policies in place that clearly prohibited the actions taken by the secretary and it had also provided training to ensure the policies were being enforced, the woman’s age being irrelevant. Hence, the woman had violated HIPAA as well as her employer’s code of conduct and confidentiality policy.
You can read more about the case here: https://www.benefitspro.com/2018/09/27/terminating-an-employee-for-hipaa-violation-a-succ/?slreturn=20180901125641.
This update is by Medical Accounts Systems, a full-service healthcare revenue cycle management company providing a number of services including insurance follow up and managed care disputes, physician reimbursement, hospital extended business office services, and more. For additional information on our services or for any questions you may have on topics such as medical debt collection, please call 877-759-6315.