The following was posted on a listserv yesterday which begs the question: Are your practice employees trained in all facets of HIPAA? Have you provided them with the appropriate education on privacy? As you know, employee education is one of the main components of HIPAA compliance………..the email below shows how easy it can be for a practice to become embroiled in a HIPAA violation:
Patient has informed us that employee has violated HIPAA. She stated that Employee has called up ex-boyfriend and told him another ex-girlfriend of his (patient) is pregnant. Patient states that the ex-boyfriend called her and told her Employee told him that the patient was pregnant.
Patient has provided me a letter stating the facts as she sees it and has authorized me to contact this middle guy. She even put his name and phone number in the letter. He lives in another town about 250 miles away.
I have made SEVERAL attempts for this middle guy to contact me about the situation. I just have left voice mails for him to contact me without stating reason for call but that this was NOT a sales call. I can not get him to call me back. Patient refuses to contact him and make him call to give his statement for concern for her relationship with her husband. She is very upset and wants action taken.
The employee has not accessed the patient’s chart (EMR) but did visibly see patient when she was here for an appointment. I have asked this employee about the situation as I have no other evidence to go on. She initially said she did not know the patient by name. I then asked her if she knows the guy and she said yes. Then later, she told me that the patient was his ex girlfriend before she was his ex girlfriend. However, she said she has not made any contact with him since August. But when I first mentioned his name to her she said she had not talked with him in a LONG while.