1. Free Legal Help, Legal Forms and Lawyers. TheLaw.com has been providing free legal assistance online since 1995. Our most popular destinations for legal help are below. It only takes a minute to join our legal community!

    Dismiss Notice

HIPPA violation?

Discussion in 'Other Legal Issues' started by Bl2849381, May 29, 2019.

  1. Bl2849381

    Bl2849381 Law Topic Starter New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Jurisdiction:
    Colorado
    Is it a violation of HIPPA for a nurse to tell someone the results of a patient's blood work while the patient is asleep? The person who was told was not a family member of the patient and the patient had not given consent for anyone to be given her personal information. The patient was also not a minor. Also could anything be legally done about this? As a direct result of the nurse giving out the patients personal information the patient was put directly in harms way and ended up sustaining further injuries.
     
  2. army judge

    army judge Super Moderator

    Messages:
    33,276
    Likes Received:
    5,326
    Trophy Points:
    113

    What Happens if you Violate HIPAA? – HIPAA Violation Classifications
    What happens if you violate HIPAA? That depends of the severity of the violation. OCR prefers to resolve HIPAA violations using non-punitive measures, such as with voluntary compliance or issuing technical guidance to help covered entities address areas of non-compliance. However, if the violations are serious, have been allowed to persist for a long time, or if there are multiple areas of noncompliance, financial penalties may be appropriate.

    The four categories used for the penalty structure are as follows:

    Tier 1: A violation that the covered entity was unaware of and could not have realistically avoided, had a reasonable amount of care had been taken to abide by HIPAA Rules

    Tier 2: A violation that the covered entity should have been aware of but could not have avoided even with a reasonable amount of care. (but falling short of willful neglect of HIPAA Rules)

    Tier 3: A violation suffered as a direct result of “willful neglect” of HIPAA Rules, in cases where an attempt has been made to correct the violation

    Tier 4: A violation of HIPAA Rules constituting willful neglect, where no attempt has been made to correct the violation


    What is Considered a HIPAA Violation?

    A HIPAA violation is a failure to comply with any aspect of HIPAA standards and provisions detailed in detailed in 45 CFR Parts 160, 162, and 164.

    What is a HIPAA Violation?

    Examples of HIPAA Violations

    There are hundreds of ways that HIPAA Rules can be violated, although the most common HIPAA violations are:

    Impermissible disclosures of protected health information (PHI)
    Unauthorized accessing of PHI
    Improper disposal of PHI
    Failure to conduct a risk analysis
    Failure to manage risks to the confidentiality, integrity, and availability of PHI
    Failure to implement safeguards to ensure the confidentiality, integrity, and availability of PHI
    Failure to maintain and monitor PHI access logs
    Failure to enter into a HIPAA-compliant business associate agreement with vendors prior to giving access to PHI
    Failure to provide patients with copies of their PHI on request
    Failure to implement access controls to limit who can view PHI
    Failure to terminate access rights to PHI when no longer required
    The disclosure more PHI than is necessary for a particular task to be performed
    Failure to provide HIPAA training and security awareness training
    Theft of patient records
    Unauthorized release of PHI to individuals not authorized to receive the information
    Sharing of PHI online or via social media without permission
    Mishandling and mismailing PHI
    Texting PHI
    Failure to encrypt PHI or use an alternative, equivalent measure to prevent unauthorized access/disclosure
    Failure to notify an individual (or the Office for Civil Rights) of a security incident involving PHI within 60 days of the discovery of a breach
    Failure to document compliance efforts



    What are the Penalties for HIPAA Violations?

    What are the Penalties for HIPAA Violations?


    Your answer can be found hidden in the mountain of material hereinabove.

    Bottom line, be prepared to be ignored and to eventually receive NOTHING.
     
  3. justblue

    justblue Well-Known Member

    Messages:
    2,121
    Likes Received:
    925
    Trophy Points:
    113

    Please clarify how the patient was "put in harms way" and "sustained further injuries" from telling the results to a blood test. Who was it that was told the results...ie...police officer? Spouse? total stranger?
     
  4. Zigner

    Zigner Well-Known Member

    Messages:
    3,260
    Likes Received:
    1,740
    Trophy Points:
    113

    The OP states that it wasn't a family member...but this is still a great question.
     
    hrforme likes this.
  5. zddoodah

    zddoodah Well-Known Member

    Messages:
    4,617
    Likes Received:
    1,242
    Trophy Points:
    113

    It's HIPAA, not "HIPPA," and the answer to the question depends on who the "someone" is and why the results were disclosed.

    Simply being "a family member" does not entitle one to medical information covered by HIPAA, and the fact that the patient hadn't consented to disclosure doesn't necessarily mean the disclosure wasn't legal.

    If a HIPAA violation occurred, the exclusive remedy is to complain to the U.S. Department of Health & Human Services.

    Please elaborate because this could give the patient a civil claim against the nurse and maybe others.
     
  6. Tax Counsel

    Tax Counsel Well-Known Member

    Messages:
    1,680
    Likes Received:
    964
    Trophy Points:
    113

    Whether it is a violation of HIPAA depends on who it was that the nurse told and why. You have curiously told us only that the person who was told the results was not a family member of the patient and that the patient was not a minor. That leaves a whole lot of other people that might have been told, and it matters very much who that person was and why the disclosure was made.

    Even if it was a HIPAA violation, however, the patient's only recourse there is to complain to the U.S. Department of Health and Human Services (HHS). HIPAA does not give the patient a right to sue for HIPAA violations.

    That said, you might have a negligence claim against the nurse and his/her employer under Colorado law. Again, though it matters a lot who was given the test results and why. It also matters what harm the patient suffered from it.
     
  7. Bl2849381

    Bl2849381 Law Topic Starter New Member

    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    The patient was in the ER due to falling in and out of consciousness as the result of a head injury. The head injury was sustained during an altercation with her boyfriend. He was very abusive. When he dropped her off and picked her up again later she was not able to confirm who he was. The blood test results were of a positive pregnancy test. She was " not supposed to have gotten pregnant". So after he brought her home she was beaten again. Never once did any of the hospital staff confirm that he was who he said he was, or that it was ok with her that her test results be shared with him. She had many obvious bruises and a very large black eye. It was even questioned if she was being abused. Only she was never actually asked. They (nurse/dr/) talked about it to each other while standing in the corner of the room.
     
  8. army judge

    army judge Super Moderator

    Messages:
    33,276
    Likes Received:
    5,326
    Trophy Points:
    113

    If that is true, the ALLEGED victim of the battering should IMMEDIATELY report it to the police or sheriff.

    Any other remedies should be addressed AFTER she is fully healed and the perpetrator is under arrest.

    If one's home is burning to the ground why would one worry about a trespasser jumping one's fence?
     
    shadowbunny, justblue and hrforme like this.
  9. zddoodah

    zddoodah Well-Known Member

    Messages:
    4,617
    Likes Received:
    1,242
    Trophy Points:
    113

    What information was disclosed?
     
  10. justblue

    justblue Well-Known Member

    Messages:
    2,121
    Likes Received:
    925
    Trophy Points:
    113

    That the patient was/is pregnant.
     
  11. Zigner

    Zigner Well-Known Member

    Messages:
    3,260
    Likes Received:
    1,740
    Trophy Points:
    113

    I don't see that there is any proof that the cause of the additional beating was the release of the test results. The POS had already beat her without knowing she was pregnant and he would have beat her again.
     
  12. army judge

    army judge Super Moderator

    Messages:
    33,276
    Likes Received:
    5,326
    Trophy Points:
    113

    “What's past is prologue”, as said by Sebastian in Act II, Scene I of The Tempest, comes to mind.
     
    justblue likes this.
  13. justblue

    justblue Well-Known Member

    Messages:
    2,121
    Likes Received:
    925
    Trophy Points:
    113

    I think that DV Victims and their family would rather blame the hospital for the abuse then the "man" who committed the crime. And now their is a helpless child brought into this violent mess...unless the victim lost her child from the beating.
     
    S&Jm82001 and hrforme like this.
  14. cbg

    cbg Super Moderator

    Messages:
    8,486
    Likes Received:
    1,611
    Trophy Points:
    113

    For what it's worth, I think that yes, it's entirely possible that HIPAA was violated. However, for that the patient gets to file a complaint with HHS.

    Filing a HIPAA Complaint

    HHS will investigate and determine for certain if there was a violation. I agree that it's impossible to say for certain in this venue, but I can't say it didn't happen with the fact pattern we have.

    However, that is not going to address the subsequent beating, which I agree would likely have happened regardless; if not for one reason then for another. The nurse who may have violated HIPAA is not and will not be held responsible for that - the only person who has any legal responsibility for that is the person who committed it. So the police need to be called - the sooner the better.
     
    hrforme and justblue like this.
  15. leslie82

    leslie82 Well-Known Member

    Messages:
    1,856
    Likes Received:
    267
    Trophy Points:
    83
    Who are you in this scenario? Why haven't you called the police if you know someone is being abused? Granted that doesn't guarantee anyone is arrested but...just wondering how you relate to this all.

    If you're the one who was abused, please find services in your area to help you get out or a trusted friend or family member.
     

Share This Page