Confidentiality, Privacy and Security

Personal health information disclosure

  • 1.  Personal health information disclosure

    Posted 09-19-2019 17:35
    Good day or evening for everyone.
    I am a student at HIM program and have following question: if personal health record was disclosure without authorization what responsibility the person who released it  have and if it continues so person lost the position what is the chances she/he is going to be hired by another facility?
    Thank you for any answers.

    ------------------------------
    Nadiia Kholod
    ------------------------------


  • 2.  RE: Personal health information disclosure

    Posted 09-20-2019 10:19

    Greetings, Nadiia.
    That is a deceptive question. Short answer: it depends.

    Records can be disclosed without an authorization properly under many circumstances as well.

    Breaches happen. We are only human (and not all disclosures are breaches). If the breach was maliciously done, that is a good way to lose credentials and the possibility of obtaining them again, as it's a violation of every credential's code of ethics; almost certainly firing from your job as the fine for the facility isn't small, and quite probably blacklisted at least in the area as many will perform a check on you before hiring. Or even jail time which is public record. Most disclosures are not maliciously done.

    Negligence is another aspect, and this also determines what penalties are exacted. Sadly this is a bit more broad as it contains everything from forgetting to secure PHI to accidentally going into a wrong chart (the latter is an example of a disclosure that isn't a breach). Once or twice is not great, but possibly acceptable. If it becomes habit then it becomes more of a problem as if breaches the fines gets more stringent.

    In terms of responsibility, if you did it, you are responsible. However so is the facility as you are acting on behalf of them. 

    Was there a specific kind of disclosure you were referring to?



    ------------------------------
    Cody Todd , RHIT
    ------------------------------



  • 3.  RE: Personal health information disclosure

    Posted 09-25-2019 17:16
    Hello, Cody. I was referring to the situation from real life I had. My friend commit defamation of charter or invasion of privacy, not sure which one will feet better. He publicized persons diagnose about STD to all of her friends. Her reputation was destroy. Since it was untrue, she envisaged where did it come from and found out that it wasn't her diagnoses, but her daughters. She wrote a complaint about the situation. Person who did fraud was fired, but found job in a week for the same hospital in different facility.

    ------------------------------
    Nadiia Kholod
    ------------------------------



  • 4.  RE: Personal health information disclosure

    Posted 09-25-2019 22:29

    Ah. Well, that would fall under a malicious breach, as it sounds like knew exactly what he was doing. Certainly slander. Potentially worth bringing suit to person and hospital, as well as a restraining order. Also to get an accounting of disclosures, and insist that he not go into your (or their) record. It also depends if in a similar position. 

    Certainly worth contacting at least the OCR regarding the breach. Something like that doesn't neccesarily preclude you from finding work as if the health system is willing to work with, nothing can really stop them, though OCR, JHACO and a few more acronyms would have words. but nepotism is a thing, as well. I know if it was me, or my daughter, I would be bringing brimstone but that's just me. Absolutely I would be contacting OCR, company leads, HIM Director and placing reviews everywhere I thought would reach. I personally find while an accidental breach can and will happen, something blatant like this is inexcusable, to my mind.



    ------------------------------
    Cody Todd , RHIT
    ------------------------------



  • 5.  RE: Personal health information disclosure

    Posted 09-29-2019 16:32
    Hello Nadiia,

    There is not a way to report situations such as this as there are with OIG violations, however if the individual is a member of AHIMA and a credential holder, you could report it to AHIMA or CCHIIM for professional ethics violations. If the individual is licensed through a state board, you might be a lot report it as a professional ethics violation.

    Carlyn

    ---------------------------------
    Carlyn Doyle
    Compliance Engineer
    ---------------------------------





  • 6.  RE: Personal health information disclosure

    Posted 09-30-2019 13:53
    Thank you, Carlyn. I am a student at HIT program and we learned about ethics violations. it was a pleasure to hear professional opinion.

    ------------------------------
    Nadiia Kholod
    ------------------------------



  • 7.  RE: Personal health information disclosure

    Posted 09-30-2019 10:43
    I would also say it appears that the hiring company would need to review their HIPAA security policies regarding background checks for employees.  While a disclosure would not show up necessarily on a background check, doing a thorough reference check on new hires could have prevented this person from being rehired in health care.  This would however depend on the previous employer being open about the reason the person was terminated, which could be barred based on HR policy.  It's almost as if with the growing number of disclosure violations, a database would need to be built that logs persons involved in PHI disclosure that could be verified prior to employment.

    ------------------------------
    Diana Flood
    Clinical Consultant Ii
    dflood@ofmq.com
    ------------------------------



  • 8.  RE: Personal health information disclosure

    Posted 09-30-2019 13:59
    Diana, I might not be fully informed how this event was over. But thank you so much for your respond. I try to apply what I am learning to real life and you gave important side of the situation.

    ------------------------------
    Nadiia Kholod
    ------------------------------