Q&A: Discussing appointments of friends and family in a doctor's office
Q: At the doctor’s office where I work, the patients are often the friends or family members of staff members who assist with the exams. Yesterday, a coworker and I were preparing the charts for the day with our assigned doctor, and my coworker, Jane, told me that one of the patients we were seeing that day was the boyfriend of another coworker, Jill. Later, I happened to be having lunch with Jill in our break room, and she was talking about her boyfriend. I mentioned to her that Jane told me Jill’s boyfriend was coming in for his appointment and asked if Jill was planning on assisting his doctor during the exam. Jill was furious at Jane’s disclosure and said that she would be filing a formal complaint regarding a HIPAA violation. As soon as I clocked back in from lunch, management pulled me away and asked me to explain what happened as they are launching a formal investigation. Since it was Jill who initially told Jane that her boyfriend was coming in for the exam, is this really a HIPAA violation? Could my job really be in jeopardy?
A: It is a HIPAA violation. Jane should not have told you that Jill’s boyfriend was coming in. That’s a violation of his privacy because that information did not need to be shared to prepare for the exam. It was a further violation that you told Jill that her boyfriend was scheduled for an exam. What Jane said and what you said were both violations of the minimum necessary requirement. It’s a good idea to only pass along information about a patient if it’s needed for treatment, payment, or what falls into the category of healthcare operations. Per HIPAA, there need to be sanctions for violating the HIPAA Privacy Rule. The severity of the sanctions is up to the covered entity, your employer.
Editor’s note: Question answered by Chris Apgar, president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS. Email your HIPAA questions to Associate Editor Heidi Samuelson at hsamuelson@hcpro.com.