Medical Is this a HIPAA violation and will it hurt my chances of acceptances?

[NotAProgDirector]

I worked as a scribe last year in a hospital before getting accepted into med school. My brother was admitted to the hospital and had imaging done. He later asked if I was able to print the documents for him so he can take it to his doctor and me being dumb did this for him. At the time, I really didn't think about HIPAA but now as a med student, this is something that makes me paranoid as I don't want it to bite me in the butt later. I haven't been approached by this yet but really fear that it could happen. Is there anything I can do now about the situation? Am I worrying too much about it? Any feedback would be greatly appreciated.

The good news is I don't think this is a HIPAA violation. HIPAA covers when record releases are allowed and disallowed. Patients are allowed to request their records. If you gave the records to your brother, it's not really a HIPAA issue. If you gave the records to some other physician office, then it might be.

The bad news is that this is a violation of your hospital's privacy / record access rules. You're not allowed to access anyone's record that you don't have a clinical reason for. Your brother had every right to get their records -- they just should have done so by contacting med records, not you.

If that's the case, the worst that can happen is you get fired. If you're not there any more, it no longer matters. If you're still at the same hospital (now as a medical student) then it's still a potential problem. I'd leave it alone -- unless someome complains, no one will ever notice. But now you know better.

---

Members don't see this ad.

 

[TheBoneDoctah]

Agree with the above. My wife works and uses the same hospital for her medical needs and she cannot access her own results for tests. You are only allowed to access patient records if you have a valid reason for doing so. However, would not be HIPAA.

 

[TheBoneDoctah]

Thank you for the reply, this is very relieving. I no longer work there as I am in school but will absolutely learn from my mistakes. Would it be best to avoid this hospital system for the rest of my career?

I honestly think you are okay. How long ago was this? At this point, they would have already said something to you.

 

[TheBoneDoctah]

Thank you so much for replying. This was about a year ago and has been lingering in my head since I finally realized that this wasn't the proper thing to do. I'm just worried about it affecting me in the future for a stupid mistake I made before I was a med student.

I understand what you are saying, but again I wouldn’t work yourself up over it. Learn from it, don’t do it again, and move forward.

 

[lord999]

This technically is a HIPAA violation due to the access process not being followed. However, it only is a problem if the requester had an issue with it (this is why record requests in writing are necessary) or there are other issues. If your ISO ends up doing an access report, it might get flagged for an ask, and if you are, your brother can get you out of any problems. You'll just get a chewout at worst for not following the process as the recipient did make the request, just not appropriately.

In practice, HIPAA access violations are mostly due to court discovery (divorces), voyeurism of VIPs, and role issues. It's highly unlikely that the institution will make a point of it unless externally prodded, and there is no harm to the recipients. But don't get worked up about it, the issue is that the site should have better role access controls, but don't bring it up prospectively.