Example: You Are Walking in the Hallway and Encounter Your Neighbor Been Wheeled By

Hippa

1. Do not share any patient's protected health information with anyone not involved in that patient's care unless you have a specific job-related reason to do so or you have the patient's permission.

Example: You are walking in the hallway and encounter your neighbor been wheeled by a transporter.

You may acknowledge that patient and even chat with them.

You may not go home and tell your spouse that you saw the neighbor without the neighbor's specific permission to do so.

You may not look up information on the patient in their record.

2. Be aware of your surroundings and cognizant of the locations where you are having conversations that contain protected health information. Discussions in the elevator, cafeteria, atrium or public restrooms are not appropriate.

3. Be aware that it is not just the use of a patient name that can cause a HIPAA violation. There are many other identifiers outlined in the HIPAA regulations. A HIPAA violation occurs when enough information is given that anyone hearing the comments can reasonably figure out who the patient being discussed is.

The HIPAA Regulations direct that patient protected health information is not to be used or disclosed unless the workforce member is providing care to the patient or performing their specific duties. With that direction in mind, then the answer in most circumstances would be that you should not be discussing any patient or their medical information while you are “off the clock.”

Remember that even if you do not use any patient identifiers, the perception of anyone overhearing you will not be positive.

Communicating with others, whether they are workforce members or not, about a patient or their medical condition can result in negative outcomes for the individual(s) involved. A recent event involving staff in an Emergency Department taking pictures of an interesting x-ray on their cell phones resulted in termination of their employment after they posted those photos on their Facebook pages. Those staff members felt that because there was no patient information viewable on the photos that it would not be a problem. That was not the case. Remember, the HIPAA Regulations include a very lengthy list of what constitutes patient identifiers (images are included); it is not just a patient name. It is not OK to discuss patient information on social networking websites, or use your personal mobile phone to take a photograph of a patient.

The HIPAA Regulations apply to all workforce members all of the time, whether you are on or off the clock. HIPAA also remains in effect, requiring that you continue to protect patient information, even after you are no longer a workforce member. Recent amendments to the original HIPAA laws have resulted in increased government scrutiny of privacy breaches. That means you could personally be fined or serve jail time if you violate the privacy Regulations.

Remember that you always need a patient’s permission to discuss their situation, no matter your relationship with that patient - co-worker, boss, friend or family member. Regardless of your relationship, HIPAA still applies and the person is first and foremost a patient. Also remember, that even if a patient provides all of the details regarding their condition, he or she is not giving you permission to discuss that information with anyone else.