[J_9]

Peer review and QA are virtually the same thing. In my department there is a peer review when there is a bad outcome. Basically the other nurses review the strips/films to find out if there was something that was missed by the treating nurse. We review that so that we can learn and prevent a bad outcome in the future. In other words, it's when a film/strip is open for interpretation for other members of the staff. However, the film/strip as to be marked as such so as not to violate.

What is the relationship between you and your supervisor? This may have bearing on your "punishment." Depending upon your relationship there may be a clause in your handbook about employee relations.

I notice from another one of your threads that you are in Michigan. Would you mind letting me know what city? Is this a large hospital or a rural hospital?

Your "relationship" may be the key here.

[ballengerb1]

I still believe the person reading a record is not violating HIPAA. Whoever allowed that person access is the one violating HIPAA. HIPAA is supposed to provide confidentiality. Protection is the key word, in my opinion.

[ymbrown]

Peer review and QA are virtually the same thing. In my department there is a peer review when there is a bad outcome. Basically the other nurses review the strips/films to find out if there was something that was missed by the treating nurse. We review that so that we can learn and prevent a bad outcome in the future. In other words, it's when a film/strip is open for interpretation for other members of the staff. However, the film/strip as to be marked as such so as not to violate.

What is the relationship between you and your supervisor? This may have bearing on your "punishment." Depending upon your relationship there may be a clause in your handbook about employee relations.

I notice from another one of your threads that you are in Michigan. Would you mind letting me know what city? Is this a large hospital or a rural hospital?

Your "relationship" may be the key here.

Yes, I live in a small rural community, with a privately owned hospital.. At will employer, although I know I will not get my job back; however unemployment benefits are a must as I have a large family and my family depended on my income.

My relationship was strained with my employer as I am very independent and strong willed. I always believed for equal treatment and discipline throughout the department. She has stated specifically to me... I know you are always making sure I am being fair! Which she never is and continually talks about employees. We had an employee receive major discipline from the HR and she reported to me every employee that was involved. Absolutely should not be tolerated.

[J_9]

I still believe the person reading a record is not violating HIPAA. Whoever allowed that person access is the one violating HIPAA. HIPAA is supposed to provide confidentiality. protection is the key word, in my opinion.

It doesn't quite work like that. You see, once employed you are given a username and a password to be able to access all of your particular unit. For instance, a radiologist has the ability to access all films, and a L&D nurse has the ability to access all fetal monitoring strips. It's impossible to limit which films/strips to which each nurse/tech has as a patient. It is up to the nurse/tech to exercise control as to not accessing files that are not associated with his/her patient.

[ballengerb1]

Lets look at it this way. My wife's doctor tells me about a medical condition without her permission. Who violated HIPAA, me or the doctor? The person who GIVES out the information violated the tenants of HIPAA, not me by listening. If a medical facility has protocals that allows unauthorized access to medical information it is the faciltiies violation for allowing it, not the person who receives the information. The law is about keeping/protecting the information not listening to it. The employer, in this case, is at fault. "all of your particular unit. For instance, a radiologist has the ability to access all films, and a L&D nurse has the ability to access all fetal monitoring strips" this protocol is the problem. Computers can do remarkable things but only what they are programmed to do. The "all" part should have been "authorized" information.

[J_9]

Lets look at it this way. My wife's doctor tells me about a medical condition without her permission. Who violated HIPAA, me or the doctor? The person who GIVES out the information violated the tenants of HIPAA, not me by listening. If a medical facility has protocals that allows unauthorized access to medical information it is the faciltiies violation for allowing it, not the person who receives the information. The law is about keeping/protecting the information not listening to it. The employer, in this case, is at fault. "all of your particular unit. For instance, a radiologist has the ability to access all films, and a L&D nurse has the ability to access all fetal monitoring strips" this protocal is the problem. Computers can do remarkable things but only what they are programmed to do. The "all" part should have been "authorized" infomation.

I see your point. However, when your wife first started visiting her doctor she most likely signed a consent of disclosure meaning that she gave the names and phone numbers of people whom the doctor/staff are allowed to disclose information to. Doctors offices and hospitals are different entities and have somewhat of a different rule.

In the hospital we have what is called, and I mentioned it before, nursing informatics. This means that we have a code that we can enter to look up virtually anything on any patient. We have the ability to do so should the NEED arise. This is different than wanting to look up exciting info on a patient that we don't treat. If your wife were to come in in labor on Tuesday but I don't work until Thursday, and there was a situation to arise with your wife's labor and/or the health of the fetus, I have the ability to look it up on the computer on Thursday when I come in to work because I have been given a username and password to be able to access that particular program that your wife's information is contained in, however since I was not directly involved in the care of your wife and/or child it would be a violation to do so.

It's really hard to explain to the layman, but we are given the ability to look into virtually any medical record should the need arise. However, we have to use our discretion when accessing such records.

If the nurse/tech is not directly involved in the care of the patient the nurse/tech should use proper judgment in not accessing that record.

[J_9]

Lets look at it this way. My wife's doctor tells me about a medical condition without her permission.

Did your wife sign a waiver at the doctor's office when the particular doctor assumed care? Many people don't remember signing that particular consent/waiver.

If a medical facility has protocals that allows unauthorized access to medical information it is the faciltiies violation for allowing it,

No, it is not because the nurse/tech is told in orientation as well as ongoing yearly education that they are not allowed to access information of patients not directly involved in their care.

The employer, in this case, is at fault.

I would like to agree with you, but I can't. The OP here KNEW that he/she was not allowed to access information that was not directly involved with the care of the patient's records that were accessed. We all know that as medical professionals we have to have yearly Continued Education Units (CEU's) these involve HIPAA.

I'm not at all trying to be rude or argumentative, but I have been extensively trained regarding HIPAA over the past 6+ years and I know an outright violation when I see one.

While the OP here didn't purposely set out to violate, he/she has done so. Rarely do I see a question here that does violate, this time due to education AND experience there was indeed a violation.

[ScottGem]

While the focus of HIPAA is to prevent unauthorized disclosure of private information, it does include protocols about the accessing of that info. So, as J_9 states, if an employee of a medical provider accesses medical records without permission, that is a violation. Doesn't matter what they do with the info. In my opinion, the person accessing records should not only see the records but the patient info attached to the record for their to be a violation. So, lets say a X-Ray tech looks at my film but knows only that it belongs to patient 12345, that isn't a violation, but if the x-ray tech knows it belongs to John Doe then a violation exists.

[ymbrown]

So help me out here to understand. I access a film, but I did not know the patient and was not viewing the patient information, just the film. This film has a QA assigned to it and I am only interested in viewing the mistake for educaton, or viewing for the recommendation to improve the quality of the film.

Per our handbook Hipaa states that at our facility "We may also disclose information to doctors, nurses, technicians, medical students, and other hospital personnel, for review and learning purposes.

My supervisor also place a document in place thats states the discipline for any mistakes made in our department: Red zone error (wrong patient): disciplinary action/time off without pay Yellow zone error (films marked wrong): reported and place in employees file Green zone error (room for improvement): learning experience.

These two documents directly state that we have Quality Actions for the purpose of learning. If you are unable to review without hipaa, how can they be reviewed. We are a teaching hospital and if you stated you were looking at the film only for "LEARNING PURPOSES", YOU SHOULD NOT BE DISCIPLINED FOR VIOLATING HIPAA, especially if you did not share any of the information to a third party.

[J_9]

So, lets say a X-Ray tech looks at my film but knows only that it belongs to patient 12345, that isn't a violation

Actually that is still a violation. The rule is that if you are not treating the patient personally you have no right to view their chart for any reason whatsoever. Whether you know any identifying factors does not matter.

[ymbrown]

So help me out here to understand. I access a film, but I did not know the patient and was not viewing the patient information, just the film. This film has a QA assigned to it and I am only interested in viewing the mistake for educaton, or viewing for the recommendation to improve the quality of the film.

Per our handbook Hipaa states that at our facility "We may also disclose information to doctors, nurses, technicians, medical students, and other hospital personnel, for review and learning purposes.

My supervisor also place a document in place thats states the discipline for any mistakes made in our department: Red zone error (wrong patient): disciplinary action/time off without pay Yellow zone error (films marked wrong): reported and place in employees file Green zone error (room for improvement): learning experience.

These two documents directly state that we have Quality Actions for the purpose of learning. If you are unable to review without hipaa, how can they be reviewed. We are a teaching hospital and if you stated you were looking at the film only for "LEARNING PURPOSES", YOU SHOULD NOT BE DISCIPLINED FOR VIOLATING HIPAA, especially if you did not share any of the information to a third party.

[J_9]

especially if you did not share any of the information to a third party.

You see, YOU are the third-party here.

I'm not sure about your facility, but at my facility (I am at a teaching hospital as well), only certain people are assigned to QA/peer review. Not all employees are given the right to view QA/peer review. It is limited to only a certain number of employees per department.

[ScottGem]

Actually that is still a violation. The rule is that if you are not treating the patient personally you have no right to view their chart for any reason whatsoever. Whether you know any identifying factors does not matter.

I meant it shouldn't be a violation of the spirit of the law.

[J_9]

I meant it shouldn't be a violation of the spirit of the law.

You are right it shouldn't be, but because most everything is electronic these days whoever accesses the chart has the potential to view identifying information as every access has an electronic signature added to the record. The problem then lies in how to prove you did not access this identifying information.

[ymbrown]

You are right it shouldn't be, but because most everything is electronic these days whoever accesses the chart has the potential to view identifying information as every access has an electronic signature added to the record. The problem then lies in how to prove you did not access this identifying information.

Exactly, how can I prove that these access were not mine, two people sit in the same reception area. There were also other techs who left their id open t during that same audit and images were access by other parties, they weren't penalized. So, who is at fault for this, can you help me prove a case. Is it the tech who left her id open, or is the 'UNKNOWN' tech that access the files, and she gets to state... I don't know who accessed those; I wasn't here!

[J_9]

Exactly, how can I prove that these access were not mine, two people sit in the same reception area. There were also other techs who left their id open t during that same audit and images were access by other parties, they weren't penalized. So, who is at fault for this, can you help me prove a case. Is it the tech who left her id open, or is the 'UNKNOWN' tech that access the files, and she gets to state....I don't know who accessed those; I wasn't here!

This is where it comes to your word against theirs. I'm fairly certain you had a username and password, correct? If so, it appears that your username and password was used to access those images. Unless you gave that information to someone.

Like I have said many times on this thread, each tech/nurse has a username and password that is individual to them and them only. From what I am reading it appears you were fired due to a HIPAA violation because your username and password was used to view films.