Exam Room Interlopers: A reader writes: "I really do not know a lot about HIPAA, but was curious if you could help me, or point me in the right direction. I saw your blog at http://hipaablog.blogspot.com/ and was curious if you could answer a question. If a person who doesn't work at, or even belong in a doctor's office, barges into your exam room, is this a violation of HIPAA, or does HIPAA only apply to those individuals who are in the medical profession? If you are not the person to ask, I apologize for wasting your time. Thank you."

My response: "Interesting question. HIPAA applies to 'plans, providers and clearinghouses.' If you're a doctor, it applies to you; if you work for a doctor (say, as a receptionist), it applies to your employer but not, really, to you, at least as far as things like civil and criminal penalties go. But if a doctor's receptionist violated medical record privacy by improperly using or disclosing PHI, the doctor's office may be liable if the receptionist was following orders, acting within his/her capacity as an employee, following office procedures, etc.; the doctor's office would probably not be liable if the employee was violating orders or policies. If the doctor's office didn't have procedures in place, failed to prevent the improper use or disclosure by putting reasonable policies in place, facilitated the improper use or disclosure, etc., the doctor's office would be in violation of HIPAA.

"If some dude off the street (who isn't a plan, provider or clearinghouse) barges into an exam room, the dude isn't violating HIPAA, because he/she can't; he/she is not a covered entity. If the doctor's office generally lets dudes off the street wander around the office so that they can barge into exam rooms, the doctor's office probably isn't doing what it needs to be doing under HIPAA to prevent improper uses/disclosures, and is violating HIPAA. If the doctor's office didn't have any way to know that the dude was going to go barging into exam rooms (say, the dude was the copier repair man, serviced the copier every month, had never caused trouble, was escorted to and from the copier and the nurse who escorted him was called away on an unforeseen emergency, and the dude flipped out and started barging into exam rooms), the doctor's office probably did not violate HIPAA."

