View Full Version : Radiology HIPAA
ymbrown
May 11, 2012, 06:27 PM
I am a registered X-ray Technologist just recently terminated from employment based on the following.
An audit report was run on our patient x-rays. In review of the x-rays, the supervisor noted that these exams had been viewed by myself; a registered x-ray tech, not all the films were imaged by myself. Some were imaged by fellow x-ray techs, but within our department (modality).
Human Resources is stating that this is a violation of HIPAA, as I did not have direct contact with this patient and did not have reason to access the images/report. However, our department staff have always viewed images associated with other techs.
None of the images viewed were copied, printed or have any relationship to me on a personal basis, or discussed with any employee outside of the hospital. Only to view for learning / educational purposes.
J_9
May 11, 2012, 06:39 PM
Sorry to tell you this, but this is indeed a HIPAA violation. If you did not have direct contact with the patient you had no right viewing the films. Whether other people do or not isn't the point. The point is that whoever views films not associated with their patient is violating HIPAA.
ScottGem
May 11, 2012, 06:45 PM
As an x-ray tech are you responsible for interpreting x-rays? Were you asked to view the films as a consult? If not, J_9 is right.
J_9
May 11, 2012, 06:55 PM
X-ray techs do not interpret, Scott; a licensed radiologist does.
ScottGem
May 11, 2012, 07:00 PM
X-ray techs do not interpret, Scott; a licensed radiologist does.
That's what I thought. Just making sure.
Fr_Chuck
May 11, 2012, 07:36 PM
So why do you as a TECH view them? What in doing your job required you to view them?
Next, if this is common, did the other TECHs do this and are they being fired also?
ymbrown
May 12, 2012, 07:00 AM
Our Radiologist (Rpa) will sometimes submit a QA on a view, Quality Action notice that indicates something was improperly done. So, for learning or educational purposes viewing to see what the Quality is. Some of these QA's may or may not be your films, and may belong to another technologist.
Other films that have been viewed, that did not have a QA, were films of interest, such as a film that you may think had a fracture, something of interest to view for learning. This is not related to the patient "name", but the image and outcome of the image.
And yes, other techs have viewed images and were not fired. In addition, x-ray techs have also shared their images with other techs, saying... "you should see this fracture or see this tumor, mass."
J_9
May 12, 2012, 07:08 AM
Unfortunately, it is still a HIPAA violation. I work in labor and delivery and frequently we review the electronic strips of fetal heart tones and contraction patterns. However, we must be treating the patient in order to sign on and review them. If we are not treating nurses it is a HIPAA violation. We had a similar issue in our department that you are having now.
If it is not a QA, and you are not the treating tech but your electronic signature is captured, you are in violation of HIPAA.
ScottGem
May 12, 2012, 07:11 AM
So your defense is that you were assigned to view these films as a training exercise. Do you have proof of that?
J_9
May 12, 2012, 07:18 AM
As I understand it there are films that are used for a peer review and others that are not but the techs tend to look at the films that are not considered for peer review, kind of like rubbernecking at an accident scene... "wow! would you look at the size of that tumor!" sort of thing.
If the films viewed were not for peer review/QA, then it is most definitely a violation.
J_9
May 12, 2012, 07:32 AM
I know none of this is what you hoped to hear, but now in the age of nursing informatics there is a virtual fingerprint on everything we do, in every area of the hospital, whether it be radiology, L&D, med-surg or respiratory therapy, for example.
If you are not treating a patient, and were not asked (written not orally) to review a chart/film/strip, you are in violation of HIPAA whether you know the name/demographics of the particular patient.
ymbrown
May 12, 2012, 07:53 AM
So your defense is that you were assigned to view these films as a training exercise. Do you have proof of that?
No, not necessarily were these films assigned to me as training. The films, however, did have QA assigned. Now, is the QA assigned to the film or the Employee?
But, still bottom line QA is Quality.
J_9
May 12, 2012, 07:55 AM
Now, is the QA assigned to the film or the Employee?
That is facility specific. Meaning, at my facility the QA may be assigned to the film, but at your facility the QA may be assigned to the employee.
ymbrown
May 12, 2012, 11:43 AM
That is facility specific. Meaning, at my facility the QA may be assigned to the film, but at your facility the QA may be assigned to the employee.
Yes, nothing that identifies our facility as the QA being specific to employee or films. There is a QA filter on the system; that being said, I am going to determine the QA's to be film related. What do you think?
AK lawyer
May 12, 2012, 02:04 PM
All of which proves that the HIPAA regulations were written by imbeciles.
ballengerb1
May 12, 2012, 02:18 PM
I agree with AK, a big bunch of nut cases wrote HIPAA. Here is my question or thought. You looking at an image is not a violation in my book. The person who had control of those images and allowed you to see them committed the violation. Who gave or allowed you access?
J_9
May 12, 2012, 09:01 PM
First, I will agree with the statement that HIPAA was written by imbeciles.
In the age of nursing informatics everyone has the ability to view certain computer files in their particular unit. For example, if we have a patient in our unit L&D, there is a computerized fetal monitor strip showing the fetal heart rate as well as the contraction pattern. Everyone in our unit has the ability to view this computerized strip, but if it is not your specific patient, or you are not related to her care, you violate HIPAA by looking this strip up on the computer.
Now, in the OP's case, in radiology, the films are now computerized and can be viewed on a screen rather than the old fashioned films they put up on a light board. Since the OP has a code, if you will, to access the films that he/she is responsible for, he/she also has the ability to access all films taken by any other radiology tech. This is where the fine line is drawn. If the OP views films of patients not directly in his/her care, then the OP has violated HIPAA whether the OP knows the particulars of the case such as name, etc.
I have been trained in this extensively in the last 2 months as I was also accused of this same situation. In my case, however, it was resolved as a peer review situation as there were 7 other nurses involved in this situation.
From this point further, I as well as the OP, should NEVER view anything other than that which is directly involved in OUR patient's care.
ymbrown
May 12, 2012, 10:55 PM
I agree with AK, a big bunch of nut cases wrote HIPAA. Here is my question or thought. You looking at an image is not a violation in my book. The person who had control of those images and allowed you to see them committed the violation. Who gave or allowed you access??
I have access to our database (DR PACS) because I am a registered tech in the department that takes x-rays. I never discussed the images with a third party. What my employer is stating is that I had no business viewing the x-rays. Funny thing is, one of my PREVIOUS CO-workers today told me that one of the techs had performed a CT and the patient had an aneurysm and they were going around showing everyone!
ymbrown
May 12, 2012, 10:59 PM
First, I will agree with the statement that HIPAA was written by imbeciles.
In the age of nursing informatics everyone has the ability to view certain computer files in their particular unit. For example, if we have a patient in our unit L&D, there is a computerized fetal monitor strip showing the fetal heart rate as well as the contraction pattern. Everyone in our unit has the ability to view this computerized strip, but if it is not your specific patient, or you are not related to her care, you violate HIPAA by looking this strip up on the computer.
Now, in the OP's case, in radiology, the films are now computerized and can be viewed on a screen rather than the old fashioned films they put up on a light board. Since the OP has a code, if you will, to access the films that he/she is responsible for, he/she also has the ability to access all films taken by any other radiology tech. This is where the fine line is drawn. If the OP views films of patients not directly in his/her care, then the OP has violated HIPAA whether or not the OP knows the particulars of the case such as name, etc.
I have been trained in this extensively in the last 2 months as I was also accused of this same situation. In my case, however, it was resolved as a peer review situation as there were 7 other nurses involved in this situation.
From this point further, I as well as the OP, should NEVER view anything other than that which is directly involved in OUR patient's care.
Can you define a peer review? Because there were also other techs with the same situation, only they were not terminated. I feel I was singled out because of the relationship myself and supervisor have. We have never had any training in HIPAA. Also, x-ray exams receive QA's and these are distributed for educational purposes. In fact, three of the films that I reviewed were x-rays that had received a QA on them. So, it was my understanding that these are learning experiences. What do you think based on your extensive training? Thanks
ymbrown
May 12, 2012, 11:02 PM
Can you define a peer review? Because there were also other techs with the same situation, only they were not terminated. I feel I was singled out because of the relationship myself and supervisor have. We have never had any training in HIPAA. Also, x-ray exams receive QA's and these are distributed for educational purposes. In fact, three of the films that I reviewed were x-rays that had received a QA on them. So, it was my understanding that these are learning experiences. What do you think based on your extensive training? Thanks
In reality, each of the other techs in the department had the opportunity to meet with our supervisor in her office and go over each questionable noted case. However, when it was my turn... I was told that we were to meet in the HR building with the Organizational Director, who by the way already had my termination letter typed up and signed before I even spoke. I had no access to the computer to even be able to review the images to refresh my memory... it had been 6 days since the audit.
J_9
May 12, 2012, 11:16 PM
Peer review and QA are virtually the same thing. In my department there is a peer review when there is a bad outcome. Basically the other nurses review the strips/films to find out if there was something that was missed by the treating nurse. We review that so that we can learn and prevent a bad outcome in the future. In other words, it's when a film/strip is open for interpretation for other members of the staff. However, the film/strip has to be marked as such so as not to violate.
What is the relationship between you and your supervisor? This may have bearing on your "punishment." Depending upon your relationship there may be a clause in your handbook about employee relations.
I notice from another one of your threads that you are in Michigan. Would you mind letting me know what city? Is this a large hospital or a rural hospital?
Your "relationship" may be the key here.
ballengerb1
May 13, 2012, 08:04 AM
I still believe the person reading a record is not violating HIPAA. Whoever allowed that person access is the one violating HIPAA. HIPAA is supposed to provide confidentiality. Protection is the key word, in my opinion.
ymbrown
May 13, 2012, 09:11 AM
Peer review and QA are virtually the same thing. In my department there is a peer review when there is a bad outcome. Basically the other nurses review the strips/films to find out if there was something that was missed by the treating nurse. We review that so that we can learn and prevent a bad outcome in the future. In other words, it's when a film/strip is open for interpretation for other members of the staff. However, the film/strip has to be marked as such so as not to violate.
What is the relationship between you and your supervisor? This may have bearing on your "punishment." Depending upon your relationship there may be a clause in your handbook about employee relations.
I notice from another one of your threads that you are in Michigan. Would you mind letting me know what city? Is this a large hospital or a rural hospital?
Your "relationship" may be the key here.
Yes, I live in a small rural community, with a privately owned hospital. At will employer, although I know I will not get my job back; however unemployment benefits are a must as I have a large family and my family depended on my income.
My relationship was strained with my employer as I am very independent and strong willed. I always believed in equal treatment and discipline throughout the department. She has stated specifically to me... "I know you are always making sure I am being fair!" Which she never is and continually talks about employees. We had an employee receive major discipline from the HR and she reported to me every employee that was involved. Absolutely should not be tolerated.
J_9
May 14, 2012, 06:27 AM
I still believe the person reading a record is not violating HIPAA. Whoever allowed that person access is the one violating HIPAA. HIPAA is supposed to provide confidentiality. Protection is the key word, in my opinion.
It doesn't quite work like that. You see, once employed you are given a username and a password to be able to access all of your particular unit. For instance, a radiologist has the ability to access all films, and a L&D nurse has the ability to access all fetal monitoring strips. It's impossible to limit which films/strips to which each nurse/tech has as a patient. It is up to the nurse/tech to exercise control as to not accessing files that are not associated with his/her patient.
ballengerb1
May 14, 2012, 06:57 AM
Let's look at it this way. My wife's doctor tells me about a medical condition without her permission. Who violated HIPAA, me or the doctor? The person who GIVES out the information violated the tenets of HIPAA, not me by listening. If a medical facility has protocols that allow unauthorized access to medical information it is the facility's violation for allowing it, not the person who receives the information. The law is about keeping/protecting the information, not listening to it. The employer, in this case, is at fault. "all of your particular unit. For instance, a radiologist has the ability to access all films, and a L&D nurse has the ability to access all fetal monitoring strips" this protocol is the problem. Computers can do remarkable things but only what they are programmed to do. The "all" part should have been "authorized" information.
J_9
May 14, 2012, 07:08 AM
Let's look at it this way. My wife's doctor tells me about a medical condition without her permission. Who violated HIPAA, me or the doctor? The person who GIVES out the information violated the tenets of HIPAA, not me by listening. If a medical facility has protocols that allow unauthorized access to medical information it is the facility's violation for allowing it, not the person who receives the information. The law is about keeping/protecting the information, not listening to it. The employer, in this case, is at fault. "all of your particular unit. For instance, a radiologist has the ability to access all films, and a L&D nurse has the ability to access all fetal monitoring strips" this protocol is the problem. Computers can do remarkable things but only what they are programmed to do. The "all" part should have been "authorized" information.
I see your point. However, when your wife first started visiting her doctor she most likely signed a consent of disclosure meaning that she gave the names and phone numbers of people whom the doctor/staff are allowed to disclose information to. Doctors offices and hospitals are different entities and have somewhat of a different rule.
In the hospital we have what is called, and I mentioned it before, nursing informatics. This means that we have a code that we can enter to look up virtually anything on any patient. We have the ability to do so should the NEED arise. This is different than wanting to look up exciting info on a patient that we don't treat. If your wife were to come in in labor on Tuesday but I don't work until Thursday, and there was a situation to arise with your wife's labor and/or the health of the fetus, I have the ability to look it up on the computer on Thursday when I come in to work because I have been given a username and password to be able to access that particular program that your wife's information is contained in, however since I was not directly involved in the care of your wife and/or child it would be a violation to do so.
It's really hard to explain to the layman, but we are given the ability to look into virtually any medical record should the need arise. However, we have to use our discretion when accessing such records.
If the nurse/tech is not directly involved in the care of the patient the nurse/tech should use proper judgment in not accessing that record.
J_9
May 14, 2012, 07:19 AM
Let's look at it this way. My wife's doctor tells me about a medical condition without her permission.
Did your wife sign a waiver at the doctor's office when the particular doctor assumed care? Many people don't remember signing that particular consent/waiver.
If a medical facility has protocols that allow unauthorized access to medical information it is the facility's violation for allowing it,
No, it is not because the nurse/tech is told in orientation as well as ongoing yearly education that they are not allowed to access information of patients not directly involved in their care.
The employer, in this case, is at fault.
I would like to agree with you, but I can't. The OP here KNEW that he/she was not allowed to access information that was not directly involved with the care of the patient's records that were accessed. We all know that as medical professionals we have to have yearly Continued Education Units (CEUs); these involve HIPAA.
I'm not at all trying to be rude or argumentative, but I have been extensively trained regarding HIPAA over the past 6+ years and I know an outright violation when I see one.
While the OP here didn't purposely set out to violate, he/she has done so. Rarely do I see a question here that does violate, this time due to education AND experience there was indeed a violation.
ScottGem
May 14, 2012, 07:25 AM
While the focus of HIPAA is to prevent unauthorized disclosure of private information, it does include protocols about the accessing of that info. So, as J_9 states, if an employee of a medical provider accesses medical records without permission, that is a violation. Doesn't matter what they do with the info. In my opinion, the person accessing records should not only see the records but the patient info attached to the record for there to be a violation. So, let's say an X-ray tech looks at my film but knows only that it belongs to patient 12345, that isn't a violation, but if the x-ray tech knows it belongs to John Doe then a violation exists.
ymbrown
May 14, 2012, 06:15 PM
So help me out here to understand. I access a film, but I did not know the patient and was not viewing the patient information, just the film. This film has a QA assigned to it and I am only interested in viewing the mistake for education, or viewing for the recommendation to improve the quality of the film.
Per our handbook, HIPAA states that at our facility "We may also disclose information to doctors, nurses, technicians, medical students, and other hospital personnel, for review and learning purposes."
My supervisor also placed a document in place that states the discipline for any mistakes made in our department: Red zone error (wrong patient): disciplinary action/time off without pay. Yellow zone error (films marked wrong): reported and placed in employee's file. Green zone error (room for improvement): learning experience.
These two documents directly state that we have Quality Actions for the purpose of learning. If you are unable to review without HIPAA, how can they be reviewed? We are a teaching hospital and if you stated you were looking at the film only for "LEARNING PURPOSES", YOU SHOULD NOT BE DISCIPLINED FOR VIOLATING HIPAA, especially if you did not share any of the information to a third party.
J_9
May 14, 2012, 06:25 PM
So, let's say an X-ray tech looks at my film but knows only that it belongs to patient 12345, that isn't a violation
Actually that is still a violation. The rule is that if you are not treating the patient personally you have no right to view their chart for any reason whatsoever. Whether you know any identifying factors does not matter.
ymbrown
May 14, 2012, 06:34 PM
So help me out here to understand. I access a film, but I did not know the patient and was not viewing the patient information, just the film. This film has a QA assigned to it and I am only interested in viewing the mistake for education, or viewing for the recommendation to improve the quality of the film.
Per our handbook, HIPAA states that at our facility "We may also disclose information to doctors, nurses, technicians, medical students, and other hospital personnel, for review and learning purposes."
My supervisor also placed a document in place that states the discipline for any mistakes made in our department: Red zone error (wrong patient): disciplinary action/time off without pay. Yellow zone error (films marked wrong): reported and placed in employee's file. Green zone error (room for improvement): learning experience.
These two documents directly state that we have Quality Actions for the purpose of learning. If you are unable to review without HIPAA, how can they be reviewed? We are a teaching hospital and if you stated you were looking at the film only for "LEARNING PURPOSES", YOU SHOULD NOT BE DISCIPLINED FOR VIOLATING HIPAA, especially if you did not share any of the information to a third party.
J_9
May 14, 2012, 06:40 PM
especially if you did not share any of the information to a third party.
You see, YOU are the third-party here.
I'm not sure about your facility, but at my facility (I am at a teaching hospital as well), only certain people are assigned to QA/peer review. Not all employees are given the right to view QA/peer review. It is limited to only a certain number of employees per department.
ScottGem
May 14, 2012, 07:33 PM
Actually that is still a violation. The rule is that if you are not treating the patient personally you have no right to view their chart for any reason whatsoever. Whether you know any identifying factors does not matter.
I meant it shouldn't be a violation of the spirit of the law.
J_9
May 14, 2012, 07:41 PM
I meant it shouldn't be a violation of the spirit of the law.
You are right it shouldn't be, but because most everything is electronic these days whoever accesses the chart has the potential to view identifying information as every access has an electronic signature added to the record. The problem then lies in how to prove you did not access this identifying information.
ymbrown
May 15, 2012, 01:04 PM
You are right it shouldn't be, but because most everything is electronic these days whoever accesses the chart has the potential to view identifying information as every access has an electronic signature added to the record. The problem then lies in how to prove you did not access this identifying information.
Exactly, how can I prove that these accesses were not mine? Two people sit in the same reception area. There were also other techs who left their ID open during that same audit and images were accessed by other parties; they weren't penalized. So, who is at fault for this, can you help me prove a case? Is it the tech who left her ID open, or is it the 'UNKNOWN' tech that accessed the files, and she gets to state... I don't know who accessed those; I wasn't here!
J_9
May 15, 2012, 07:54 PM
Exactly, how can I prove that these accesses were not mine? Two people sit in the same reception area. There were also other techs who left their ID open during that same audit and images were accessed by other parties; they weren't penalized. So, who is at fault for this, can you help me prove a case? Is it the tech who left her ID open, or is it the 'UNKNOWN' tech that accessed the files, and she gets to state... I don't know who accessed those; I wasn't here!
This is where it comes to your word against theirs. I'm fairly certain you had a username and password, correct? If so, it appears that your username and password were used to access those images. Unless you gave that information to someone.
Like I have said many times on this thread, each tech/nurse has a username and password that is individual to them and them only. From what I am reading it appears you were fired due to a HIPAA violation because your username and password were used to view films.