You Might Be Violating HIPAA and Don’t Even Know It

I saw something that I should not have seen at my doctor’s office. 

Last week, I went to see my doctor about a nagging cough I’ve had all winter.  I had recovered from the flu right before Christmas but the cough had hung around like a brother-in-law who comes to visit and never leaves.  I stepped into his office and surveyed the small group of patients flipping through old magazines.  They eyed me back and I knew what they were thinking.  ‘What’s wrong with that guy?”  It was what I was thinking about them.

The receptionist was behind one of those big sliding frosted glass windows (apparently that is the first line of defense in the event of an epidemic) which she slid open as I approached.

“Can I help you?” she asked.

“I hope so,” I replied.  Out of the corner of my eye, I saw an elderly woman look up from her ragged copy of Women’s Day.  Was she trying to eavesdrop on my conversation?  Maybe discover that I had some incurable disease so she could run screaming into the street?  I leaned through the frosted glass opening and whispered my symptoms to the receptionist who nodded sympathetically.  I wondered if they have some kind of Receptionist Academy that teaches the proper gestures for various levels of malaise.

After a couple questions, the receptionist asked me for my insurance card which I fished out of my wallet and handed to her.  She informed me to wait a moment while she went and copied the card and then turned and walked out of the room.  I felt the old woman’s eyes boring into the back of my head as I just stood and tapped my fingers on the small ledge holding the frosted glass. Not sure if I should sit or just stand there, I fidgeted and glanced around the receptionist’s small cubicle trying to look like I knew what I was doing. There were a couple of photos of children on her cluttered desk and a takeout menu from a local deli tacked to the wall.  And then I saw what was on her monitor.   It was a patient’s medical records. I did not recognize the name but apparently the woman was being treated for diabetes and was on dialysis.

I turned and scanned the people in the waiting room.  Was one of these poor souls deathly ill? I tried to find someone with the tell-tale signs of dialysis like bruises on their arms but they were all wearing long sleeves.  Maybe it was the old woman glaring at me over her magazine. She looked to be in the kind of bad mood that having a big needle stuck in your veins produces.  Whoever it was, this was information I did not need to know; this was information I did not want to know.

This true story brings to light the fact that there are still plenty of medical offices that are violating HIPAA laws and may not even be aware of it.  The receptionist was only gone for a couple of minutes and maybe wasn’t aware that she had left a patient’s medical records visible on her screen.  Unfortunately, that happens a lot more often than you think.

Does your staff know that it is a violation of HIPAA to do the following?

  • Leave a computer unattended while logged in to a system containing protected health information
  • Check the medical records of a family member or friend because they’re concerned about the person’s health
  • Use medical records to find an address or phone number for personal records
  • Post pictures of patients or patient information on their private social media sites
  • Or, access records of patients who are no longer under their care because they’re concerned about what happened to him or her

Even though many of these actions are well intentioned, they are still in violation of HIPAA laws and could mean huge fines to a practice if discovered.  

So what can you do?  The first thing is to have an audit of your HIPAA Security by a company who has plenty of experience in compliance.  Blough Tech has more than a decade of intense training in HIPAA and can make sure you are compliant.  The next step is continuous training of your practice’s employees so there is absolutely no doubt about what constitutes a violation.  If you want to get started, just sign up below and one of our HIPAA Security experts will contact you.

By the way, my cough went away a few days later. The doctor said that I had…. Well, you don’t need to know that, do you?