 |
I am a former DON of a nursing home who utilized my email accts (business email & my private pswd-protected personal laptop at home), to allow me to complete, edit, create, etc, work related things. There was never any sharing of the info and only used for completion of the extensive duties I was responsible for. I worked about 70 hrs per week at the facility and then of course worked at home. I am now being accused of the ? Above... thoughts on this anyone?
You are being accused of what question? Your post isn't very clear.
Sorry about that. My previous employer has reviewed my email acct at work and seen (and was aware mind u) that emails with attachments of various kinds were exchanged between the emails for my purposes of completing my work at home when able but feel because it contains protected health info that I have violated hippa laws and stole info. It is ridiculous but the employer Is angry that I quit and I feel this is retaliation. Does that help clarify?
Who were these emails exchanged with?
Oh, and by the way, it's HIPAA not HIPPA.
Thank u for catching that typo. Exchanged only with myself simply to complete my workQuote:
Originally Posted by J_9
You exchanged emails with yourself?
Yes, I would send incomplete things like spreadsheets, qa reports, memos, etc to my home email to complete when at home and then send them back to my work email to print or distribute or whatever.
Could you not access your work email from home? I know I can.
I couldn't until late October and of course did it that way after
I don't know what HIPAA reviewers would do even if what you did was wrong. All I know is that they have a huge backlog and that they rule on very few cases. Most are rejected. That is not to say that you might not eventually be sanctioned in some way. But just a guess from what I know about the cases they have ruled on, which were large scale such as an entire university's reporting system, I think you have a good chance. There are lawyers who specialize in HIPAA. I would assume that the nursing home is guilty if you are guilty, for allowing you to do this (whether they try to claim they didn't know or not), and might tell them so.
The way I understand it, removing medical info from the practioner's facilities can be considered a violation. Especially if this was not done with the full knowledge and consent of the office.
Health Information Privacy (from HHS website)
"A covered entity must adopt reasonable and appropriate policies and procedures to comply with the provisions of the Security Rule. A covered entity must maintain, until six years after the later of the date of their creation or last effective date, written security policies and procedures and written records of required actions, activities or assessments.30 "
What does the Nursing Home's written policy say about emailing patient information? My understanding is that "covered entities" are required to establish policies and procedures which insure compliance with HIPAA laws, as described in the above quote from HHS.
If the emails violated the employer's written policy, regardless of whether the alleged infraction is specifically described in HIPAA law, the employer can take action for a violation of their established policies and procedures.
| All times are GMT -7. The time now is 04:18 AM. |