Management is monitoring workflow of off shifts from home computers, which gives them access to patients information such as,insurance,diagnosis,treatment, etc,

Are they disclosing the info to anyone who is not authorized?

Anyone in their home could access information.

Could or does? I have a home office. I don't disclose anything nor does anyone have any of my passwords.

HIPAA does not address "could have, would have, should have" situations.

Management is monitoring workflow of off shifts from home computers, which gives them access to patients information such as,insurance,diagnosis,treatment, etc,

So your concern is that someone in the home could access the information. Has the IT department provided any security to control access of the information?

It might be considered a HIPAA violation if no controls are in place, but I seriously doubt that is the case.

What is your position/concern in this?

No, the company site will be password protected, and only the user can have access.

No this is not a violation in any sense of the word.

Doctors normally will have access to their files and records from home.

It is giving that info out, where the issue is, if they access it, and then tells someone.

So your concern is that someone in the home could access the information. Has the IT department provided any security to control access of the information?

It might be considered a HIPAA violation if no controls are in place, but I seriously doubt that is the case.

What is your position/concern in this?

My concern is this person accessed my husbands medical information a year ago and the HR department was informed and all they did was have her apologize.Perhaps my issue is more of trust! Thanks for your input.

Do they have a reason to access it ? If their job position gives them unlimited access to patients files and permission to review them, there is no issue.

And again, are they giving out or telling any of the info, that is the where the violations come into play.

Ok, so now we get to the heart of the matter.

How did you find out she did this? What did she do with the information? Was she not entitled to look at those records as part of her job?

How do you know that's all they did? I suspect the transgression was entered into her HR and a repeat might get her into more serious trouble. Its also possible she was sent to refresher HIPAA training.

What do you think should have happened?

Too add, what position does this person hold?

Many medical coders work from home these days, so they would have access to quite a bit of information.