Reference no: EM133657564
SCENAIRO
A physical therapist receives a phone call from a woman demanding to know when her daughter-in-law's next appointment is. The therapist tells the woman that she cannot disclose any information, and the woman becomes very angry and abusive, threatening to make a complaint. After the phone call, the therapist logs into the electronic medical record system to make a note about the conversation. However, since the two women share the same last name, the therapist accidentally accesses the woman's record instead of the daughter-in-law's record. The therapist realizes the mistake, but not before spotting that the woman suffers from a serious mental health disorder, which might explain her behavior on the phone. The therapist mentions to her supervisor the possibility of a complaint being brought and also mentions that the woman has a history of mental health problems.
In your responses to your peers, indicate whether you agree with them about the way the situation was handled, and explain why or why not.
PEER ONE :
I do believe there has been a breach of confidentiality in the mother-in-law's protected health information. Had the physical therapist not divulged any information that she accidentally learned, causing no impact or harm, I do not believe there would have been a need to confess her acts nor should any subsequent action be brought against her had the breach been identified at a later point. However, the physical therapist breached confidentiality when she shared the PHI with yet another unauthorized party, her supervisor. The supervisor should do their best to not let the information they received impact their potential interaction with the mother-in-law. They should also have the physical therapist renew their HIPAA education and make note of the event in their employee folder. The patient and/or mother-in-law do not need to be notified at this point as the breach was contained and efforts were made to limit any outfall or future events.
PEER TWO:
While the viewing of the wrong patient profile was a mistake by the physical therapist, it was also a breach of privacy for the mother-in-law whose record should not have been accessed. When she realized she had the wrong record, she should have immediately exited to avoid further breach of privacy. By continuing to go through the record, she made an active decision to invade the privacy of this patient. The supervisor should have addressed the breach with the provider and made it very clear that patient data is extremely private. It may even mean taking remedial action as these kinds of occurrences cannot happen. Breaching patient records also puts the organization at risk of dealing with legal actions. To prevent further issues with patient records all staff should receive training on proper handling of patient information and the importance of HIPAA. The patient should be notified that her record was breached as she has a right to know who has accessed her information.