Confidentiality, Privacy and Security

Wrong Instructions

  • 1.  Wrong Instructions

    Posted 06-09-2020 14:18
    Good Afternoon All,

    I want to know how other organizations are handling this type of event.  In the case where a patient is given the incorrect discharge instructions:

    Do you try to get the "wrong" ones back?
    What measures do you take to get them back?
    To what level do you take that pursuit?

    Thanks in advance!

    Calla Waldron-Buck

  • 2.  RE: Wrong Instructions

    Posted 06-10-2020 08:21
    Good morning,
    We had that happen a few months ago. We asked the patient to return the instructions, I think we called her twice after she notified us that she had additional instructions that weren't hers. Finally our Surgery Director met the patient at her post-up appointment with the surgeon. If that hadn't worked, I believe we would have mailed the patient a self addressed stamped envelope to attempt to try to get them back. There is only so much you can do though.

    Kathryn Wood, RHIA
    Assist Dir of Information Systems/Privacy Officer
    War Memorial Hospital

  • 3.  RE: Wrong Instructions

    Posted 06-10-2020 08:41
    We do our best to get them back or at least advice the patient to shred/destroy them.   As we would report the breach to the impacted patient and OCR, I am not sure there is much more that is reasonable to do.   Now if for some reason we were talking a large volume of patients involved, I would have no problem retrieving the documents myself.

    Nancy Davis, MS, RHIA, CHPS
    Director of Compliance & Safety
    Door County Medical Center

  • 4.  RE: Wrong Instructions

    Posted 06-10-2020 08:53

    We attempt to get them back.....sometimes the patient will return them or mail them back....sometimes when we ask for them to return them, they say they already pitched can only do so situations like these, if the PHI is a non-sensitive diagnosis, it most likely does not rise to the level of a reportable breach to the OCR, but I typically call the patient whose information was breached and inform them of our mistake anyway – I have never had anyone upset, most are appreciative of being told and not concerned......I always feel I would rather that patient find out this news from us than from someone else.....


    Wendy Mangin, MS, RHIA

    Director of Corporate Compliance


    Good Samaritan 

    520 S. Seventh St. | Vincennes, Indiana | 47591

    Hospital: 812.882.5220 | Direct: 812.885.3487 

    Fax: 812.885.3912 | 

    b326b5f8d23cd1e0f18df4c9265416f7  images   Website | Videos | News | Events


  • 5.  RE: Wrong Instructions

    Posted 06-11-2020 10:13
    I do attempt to get the document back.  Generally, I send the patient a letter thanking them for letting us know and include a postage paid return envelope to return or to indicate on the letter I sent that they have shredded/destroyed the document.  A couple of times I have met the patient on a return clinic visit to retrieve.

    Dovie Brady
    Manager, Hipaa Compliance
    Woman's Hospital

  • 6.  RE: Wrong Instructions

    Posted 06-11-2020 16:58

    Yes, I always make an attempt to retrieve the wrong documents to confirm the specific PHI compromised and to assure they are disposed of properly.  I have had good luck with sending a self-addressed stamped envelope to obtain them.  I have also picked up documents at the individual's home (the surrounding community is fairly small).  Sometimes patients offer to deliver them to me. If this isn't feasible I ask if the documents can be shredded.

    Dana DeMasters, MN, RN, CHPS
    Privacy/Security Officer

  • 7.  RE: Wrong Instructions

    Posted 07-07-2020 11:16
    I was scrolling and saw this message and some of the replies...what a good topic!

    I think whether or not one gets the PHI back does not impact whether one has a reportable breach given that the discharge instructions are in printed format (which is not secure) and whether the security or privacy of the PHI is compromised is not a function of whether or not the PHI is what some folks would call "sensitive".  Breach does not differentiate between "types" (sensitive, not sensitive) of PHI.  It applies to all PHI.

    One positive aspect of getting the info back is that it is then nice and reassuring to the patient (in some cases) to include in the notification letter something along the lines of "Upon discovery of this incident, the organization the took steps and was successful in retrieving the involved documents......" etc, etc.

    Keep in mind that whether people conclude this is or is not a breach(?) either case, you need to make sure to record this disclosure in the event that the individual whose PHI is involved requests an accounting of disclosures.  Instances where the wrong discharge instructions were given in error to the wrong individual would be an incident that is required to be on an Accounting of Disclosures if requested.

    Thank goodness these requests don't happen often.  I know some organizations that have yet to reach double digits in the number of requests for an Accounting of Disclosure since HIPAA was implemented.

    Frank Ruelas
    Compliance Professional