Iowa Need-to-know medical records inquiry


Chris Hipaa

Hello and thank you for responding ahead of time.

I work in a nursing home in a smaller town in Iowa. I'm part of the nursing staff which helps coordinate cares, medications, physician appointments, etc for each resident. As a nurse, I have access to all of the dependent residents' medical records in order to properly take care of them.

We have "household coordinators" who are kind of the heads of each hallway of residents, who are responsible for maintaining the dietary staff, the schedule, the daily happenings amidst the residents, etc. They are not nurses, CNA's or have anything to do with nursing cares. However, they are kind of the "boss" of each area, which is where things get a little fuzzy, legally.

Keeping HIPAA in mind, and being in this position they are in, do they have access to each resident's personal medical records? Sometimes I see them looking through resident charts or through medication records, but do they really have legal access to these without any medical background? I am not happy with having a supervisor who isn't even a nurse, so I want to know if this is legal? And if not, am I responsible for reporting this to a state agency? What can I do to advocate for my residents to ensure their right to privacy?
I have been trained in HIPAA from an employment perspective and not hospital perspective, so take it for what it's worth.

I work in the Benefits office of a very large university, which has a medical school and its own insurance plan. We undergo HIPAA training every year, and in our situation, it is a matter of the job and not the background. I do not have any medical training; I am neither doctor, nurse, CNA, LPN, PA, or any other medical personnel. But my job duties include helping people select the best benefit information for them, and after they've made their elections I sometimes have to help them with mis-handled claims (or claims that they believe to be mis-handled, at least). As I result I occasionally come to have access to certain medical information. Since I cannot do my job without it, my employer has put me under the HIPAA umbrella and I am subject to all the rules, regulations and limitations that HIPAA puts on my employer. The law does NOT say that I have to be trained in some aspect of medicine in order to have that access.

So unless there are some very specific limitations that hospitals/nursing homes have that employers who are subject to HIPAA are not, your employer may LEGALLY put them under the HIPAA umbrella and allow them access.
I do know HIPAA from both sides as my employer does also have a medical facility. There is nothing in HIPAA which restricts medical information to only those with certain credentials. The standard is "need to know". For any given claim there are countless individuals without medical training who come across PHI as part of their jobs. The admitting staff, receptionist, billing department, records department, IT, the insurance company, etc. Certainly the coordinator you describe above would have a legitimate need at times to access certain medical records and patient charts. Totally legal. You may not like having a non-medical person in charge, but you aren't going to be able to use HIPAA as an excuse to get around it.