i work at a medical billing office, only 2 people in our office ever have reason to look at charts. i recently looked at my own chart as i see a doctor in a group that we bill for to see if any of my co-workers might be looking at my chart and to my surprise my direct supervisor and 2 co-workers have been looking at my chart.

we have access to medical charts via electronic medical records, one would think we only have codes, but, we do have access to chart, nurse notes, rx info, dx history, and doctor notes.

when i was hired there was no compliance training, no manual given, no policies. We are a reputable company with many clients.

i told the director and she stated she is going to talk to my supervisor next week when she gets back from vacation and will implement a policy that if this happens again it will lead to immediate dismissal; it can't happen again since my acct has since been locked. what rights do i have? what should happen? what should i do, besides being very intimidated about my future here, although i was assured by the director there would be no problems. mind you, i have been with this company for only 3 months.

the information she accessed contains all medical information including personal history showing i was adopted, my pain medications, information about a law suit settlement.......

JudyKayTee

You would have to prove the information they accessed actually harmed you or your reputation. (I'm pretty startled that this could happen.) What do you think they did with your info? Does your office do HIPAA training? (It's HIPAA, not HIPPA.) I would think it would be grounds for immediate dismissal.

I don't know how this works but a medical billing office actually has a patient's chart? I thought you just had codes for services and then billed based on that.

Smoked

Failure to comply with HIPAA can result in civil and criminal penalties

U.S. Department of Justice (DOJ) clarified who can be held criminally liable under HIPAA.
whom "knowingly" obtain or disclose individually identifiable health information in violation of the Administrative Simplification Regulations face a fine of up to $50,000, as well as imprisonment up to one year

Just look up HIPAA online and you will find all the info you need.

ScottGem

The question here is what you want to do. Yes, it certainly appears that your information was not properly safeguarded, but if you report it, what happens is your company (and your doctor's office) will most likely get fined. It is doubtful that you will get any money. So what do you think working there will be like (or getting cared for by the doctor) if you cost them a big chunk of money?

I would follow up with the director to make sure that patient data is properly safeguarded and employees trained to comply with HIPAA. You can do this under the guise that you are trying to protect the firm.