Health Information Management

Q&A: HIPAA and friendly follow-ups

HIM Connection, April 13, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

Q. An emergency department (ED) nurse at a hospital and trauma center saw the name of an acquaintance on a patient list. The nurse learned that the patient was admitted to the ICU. Based on this knowledge, the nurse visited the patient and family later that day. Is this a HIPAA privacy violation? The employee used information intended for treatment purposes to learn of the admission and then visit the patient.  

A. The ED nurse violated the HIPAA Privacy Rule. The nurse used protected health information (PHI) for purposes other than treatment, payment, healthcare operations, or as specifically allowed by law or authorized by the patient. Merely seeing an acquaintance’s name on a patient list doesn’t amount to a HIPAA violation. The nurse’s actions, however, violated the privacy rule. 
 
Nurses may access PHI as part of their job, but they may not use PHI for personal purposes—in this case, visiting the patient.
 
Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, answered this question in the April 2010 issue of Briefings on HIPAA.



Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

Most Popular

Related Articles