Q: An emergency department (ED) nurse at a hospital and trauma center saw the name of an acquaintance on a patient list. The nurse learned that the patient was admitted to the intensive care unit (ICU). Based on this knowledge, the nurse visited the patient and family later that day. Is this a HIPAA privacy violation? The employee used information intended for treatment purposes to learn of the admission and then visit the patient.
A: The ED nurse violated the HIPAA privacy rule. The nurse used PHI for purposes other than treatment, payment, healthcare operations, or as specifically allowed by law or authorized by the patient. Merely seeing an acquaintance’s name on a patient list doesn’t amount to a HIPAA violation. The nurse’s actions, however, violated the privacy rule.
Chris Apgar, CISSP answered this question in the April 2010 issue of the HCPro newsletter Briefings on HIPAA. For more information about this newsletter visit the HCMarketplace .