Some cute stuffed animals, some balloons, some bows, and some sweet bouquets. When you think ‘hospital gift shop’ you don’t usually think about PHI leaks and HIPAA risks.
Here’s how one respected health system accidentally breached PHI last…
Click here to login and get access to this article if you already receive the HC Compliance News Wire
If you've already signed in and are still seeing this screen, click here to refresh the page.
If you've already signed in and are still seeing this screen, click here to refresh the page.
HC Compliance News Wire
Free registration required for full access to articles.
You will also receive
- Free updates and advice on Stark, HIPAA, RAC audits and more.
- Discounts on 3rd party offers.
September 22nd, 2009 at 10:57 am
Unless the patient has asked to be left out of the facility directory (called a “non-pub patient” by many facilities), this is not a HIPAA violation. Anyone who calls anywhere in the hospital with a patient’s name can be told the patient’s location. It’s no different from if someone just calls the information desk and asks where the patient is. The caller can be told the patient is in ICU. If someone comes to visit a patient inthe hospital, and says the patient’s name, they would also be told that the person was in ICU. Of course, if the hospital in this scenario didn’t give out the info because the patient was non-pub, then that would be different. In most computer systems, the non-pub patient’s name would not even appear in the directory of patients that the gift shop had access to.
September 22nd, 2009 at 11:47 am
It was not mentioned whether or not the patient opted out of being in the hospital directory. So how could calling the hospital to ask if her friend was still in the hospital so she could send her flowers, be considered a HIPAA violation.
Who in the gift shop would have access to that type of information??
April 13th, 2010 at 10:06 am
I too would like to know how a gift shop employee knew the status of the patient. Must be a SMALL hospital!