September 26, 2014 at 11:06 PM #16318
Jason Hautala RNMember
A ‘feature” of our new EMR, Cerner, is one in which if a patient is admitted to the hospital from the ER and then develops signs of sepsis, such as low blood pressure, high WBCs, etc, it will send us a warning about that patient as a pop up window. Not only are these pop ups annoying, I feel they are a HIPPA violation because once the patient is out of the ER, I no longer have a need to know anything about the patient, but the system is making me look at their name, their specific lab values, and their specific vital signs, along with a warning of what the computer thinks the patient has (sepsis, pneumonia, MRSA, etc.) I can see how sending the PCP this information would be useful, or even to the nurse taking care of the patient at the time, but to send it to the ER nurse, who no longer has anything to do with the patient seems to break the minimum required information rule of HIPPA. I sent an email to our HIPPA person at work who states she looked into it and finds it not to be in violation of HIPPA, but the more I read, the more convinced I’m right.
Are there any HIPPA queens or kings out there who can confirm or deny my position?September 29, 2014 at 10:18 PM #16369
It is my understanding that it is a violation. Once your patient was discharged from the ER, that patient is not longer a part of your job duties. You receiving information about their labs, other medical test, diagnosis, and treatment are no longer a requirement for your job duties as the patients has been discharged from your care. It would be no different than you going down to the medical records department and riffling through random charts even if you had at one time or another taken care of the patients. It is protected health information and unless that patient becomes your patient again it should remain that way.
“The minimum necessary standard, a key protection of the HIPAA Privacy Rule, is derived from confidentiality codes and practices in common use today. It is based on sound current practice that protected health information should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function.”
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/minimumnecessary.html There are a few links on here that will explain some of it. Another source would be the BON in your state.
Hope this helps.September 30, 2014 at 2:38 PM #16377
Jason Hautala RNMember
Thank you 🙂
You must be logged in to reply to this topic.