A community of 30,000 US Transcriptionist serving Medical Transcription Industry

HIPAA violation? My HMO's records dept accidentally sent - me a copy of another person s entire medical recor

Posted: Jan 10, 2015

instead of my own. I called and told the person (it was the exact person that I had send the records) and he acted like it was no big deal -- he just goes, "oh could you bring that back here today?" Of course I will bring them back, but I think it was funny how he made it seem like there was nothing wrong with the scenario. He probably thought I had no idea about HIPAA.

Yes, that is absolutely a HIPAA violation - sm

[ In Reply To ..]
The attitude of the person responsible for it is deeply disturbing. What is the HMO going to do to make sure something like that does not happen again?

The employee who sent me the records is - probably hoping

[ In Reply To ..]
I won't say anything to his supervisor. I don't want to get anyone fired or anything, but I think I'd be really upset if those were MY records accidentally sent to someone else. I sealed the envelope back up and will bring it back so no harm done...I just don't know what to do...just return the records and not say anything to anyone? Return them to that employee and tell him I SHOULD report it because it is a HIPAA violation? Or actually report it...but to whom? If I just report it at the HMO records facility they will prob just act like it didn't happen as they would be in big trouble.

Call the HMO's - HIPAA

[ In Reply To ..]
compliance officer. If the employee sent someone else's records to you, it is possible your records have been sent to someone else. It is also possible, probably likely, that this is not the first time this employee has done this. It is not your problem if the employee gets in trouble or gets fired. It is the problem of the person who was careless. The HMO is required to make a report of the incident, so informing the HIPAA compliance officer will ensure that it is not swept under the rug.

It should be reported IMO - sm

[ In Reply To ..]
The supervisor of the records department should be told. This is a huge violation. This might not be the first "mistake" this clerk has made. When we send copies to the wrong physician, not even a patient, we get written up (at my place of employment anyhow). To send a whole medical record to another patient is unacceptable.

I know there are a lot of things MTs have going on to rationalize sending copies to the wrong doctor (misunderstanding the pronunciation of name, different doctors with the same name, rushing because we are paid on production), but we still get warned and written up for HIPAA violation.

I have no idea what is in this clerk's job description or other responsibilities, but there should be an iron-clad system for mailing out records to the proper recipient and he/she was grossly negligent in doing the job properly.

To not report it because the HMO facility would not pay attention is really not a good reason, JMO, but the right thing is to report it. I would feel highly violated if my private medical records were sent to someone and they didn't feel a responsibility to report it.

Probably hoping - Old Pro

[ In Reply To ..]
YOU are not going to get him fired. HIS negligence is going to get him fired. Report him.

Accidents happen, but it is still a - violation

[ In Reply To ..]
You need to return the record, but do so to the HMO or facility's privacy officer. Prepare a letter covering yourself, stating that you returned records for whomever it was, date, etc., and ask them to sign that they received it. If they refuse, write by hand on it the name of the official to whom it was returned and that they would not acknowledge receipt. If you bring a witness, have them sign.

If you have not guessed, neither the clerk nor the HMO will mention this if they can help it.

Report the breach online. See the link below for instructions. Provide the letter as evidence.

Accidents happen, but accidents are no longer being ignored. They are considered to be negligence. Accidental incompetence is not an excuse. One here, another there, ten thousand next week. These are failures of the HMO system -- it is not taking adequate steps to CHECK AND BE SURE. Fines are being imposed. Huge fines, too, so facilities try to keep these accidents secret.

They should have someone checking the mail before it is sealed. It is easy enough.

You need to report it - clyde

[ In Reply To ..]
For all you know, the entirety of your medical records was sent to someone else and they got the addresses switched.

Return the file to the business office and speak to the supervisor in private. Then complete the report online.

Thanks all - Here's what I did...... - I called the records dept

[ In Reply To ..]
and talked to the same guy who admitted sending me the wrong records. Turns out mine were still there and had not been sent to anyone else thankfully. He asked why I didn't return the records (on Friday). I said I had to think what the best thing would be to do about this possible HIPAA violation. When he heard me say that he changed his entire attitude. He profusely apologized (of course, now) and told me he realized what a terrible mistake he made. I told him I was advised to report it. HE STARTED CRYING ON THE PHONE!! This man (sounded like an older man) was crying. OMG. Now I felt horrible. I hate that I was put in this position! I told him I wouldn't report it but that he really needs to be extraordinarily careful going forward. Yes, I KNOW I still probably should have reported it, but I just felt so damn bad for this guy--he knew he'd probably lose his job. I just have to think that this was a compromise between just returning the records without saying anything and letting him feel like he got away with it or reporting it and possibly having him get fired. I don't know if it's the right decision that I made, but I didn't ask to HAVE to make this decision.

I do have to add something. I advise anyone who is concerned about this to make sure that your SSN is NOT on your records. It does NOT have to be if you request it, though it is not always there. That would be just something ELSE to worry about if someone bad got a copy of your records.

Wow. - xx

[ In Reply To ..]
He played you like a violin. Those "tears" were very likely an act, and it worked. Now he's free to continue his carelessness.

It is very likely this is not the first time he has done something like this, especially given his initial attitude. He didn't become contrite until he knew you are aware of the law. He is likely routinely careless with records and just counts on no one knowing what should be done when his carelessness causes a breach.

I would still recommend reporting the incident to the HMO HIPAA compliance officer. If he loses his job, it is because he has no business handling other peoples' personal, private, protected information.

And how do you know he didn't send your records to someone else? Just because he told you he didn't? How much do you trust someone like that? I wouldn't trust him an inch. You might want to do a little more checking to make sure he was telling the truth.

This should not be a huge emotional - burden

[ In Reply To ..]
for you or anyone else who is on the receiving end of someone else's incompetence. The guy was clearly a practiced con artist and counted on being able to make you feel bad for him.

People like him count on others, especially women, caring more about being "nice" than doing the right thing.

You didn't cause the problem, he did. The consequences are his problem to worry about, not yours.

Report it.

Guess where YOUR records are ... - you fell for it!

[ In Reply To ..]
I think you need to educate yourself about privacy, security, and HIPAA, because whatever you have taken so far didn't teach you very much. You need to know more than you do, or YOU should not be in this business.

Why, when you asked for advice and we told you the correct way to handle it, would you ignore it??

You completely missed WHY we told you what we did.

I am very familiar with the processes used to send out copies of records, so I'll be happy to tell you what you just did.

We said to report the BREACH of privacy in writing to the HMO Privacy Official. Yes, there IS one because the law requires it and that is what they are for. We told you that because (1) it is correct and (2) it is the only way for YOU to find and protect YOUR record, which right now could be ANYWHERE.

Of course Mr. Careless told you that your records were still there! Did you really expect him to say that he processed 200 requests that day and that any one of them could have contained your records?

We told you to report it online and to the Privacy Officer because that is the only way to GET YOUR RECORD BACK and know WHO HAD IT. Yes, they need to know who had it and what they did with it. They need a record of that for your protection in the future.

Amazingly, even without a SSN, someone can loan your HMO number to a relative, who can then get healthcare in your name. It happens.

So, the Pollyanna Solution didn't do anything to help the HMO improve and only ended up hurting future patients, in addition to you. Good luck in 6 months when you discover your identity was stolen.

Isn't everything ever-so-nice when we just put feelings ahead of the law tra-la?

I would have done same as you. The man crying would be sm - acuteMLS

[ In Reply To ..]
more than I could bear and I would not have reported it.

You're a kind person.

The kindest thing - to do

[ In Reply To ..]
would have been to allow him to experience the consequences of his actions. He got away with it this time, and has probably gotten away with being careless before by counting on the weakness of the other person. It wasn't kind, it was weak and irresponsible.

He hasn't learned anything from this other than that he has a talent for manipulating weak people.

His tears were likely phony anyway. He started off being flippant or even a little confrontational, trying to put the OP on the defensive. When he learned she was knowledgeable about HIPAA, that's when he changed his tune and became "upset."

He knew exactly what he was doing, and it worked.

I prefer to offer the benefit of the doubt. If you read my posts sm - acuteMLS

[ In Reply To ..]
on the Nuance board, you'll see I'm about as cynical as it gets. This situation, however, calls for kindness and the benefit of the doubt.

You must not have the ability to put yourself in the position of a clerk who has 6 jobs lumped on to him due to budget cuts. Things get mixed up, mistakes are made. This is not some big conspiracy to purposely send records to incorrect places.

I would not report it. - karma is a bitch

[ In Reply To ..]
could be you next time

On the other - hand

[ In Reply To ..]
It could be your records next time, or your identity, or something else you value. The organization needs to know. The problem might be in the procedures in place for handling and sending records, and revising the procedures could prevent future problems. They can't fix a problem they don't know about. If it's not reported, it will just keep happening. Maybe to you.

Also, Joe Schmo is entitled to be informed that - YOU saw his records.

[ In Reply To ..]
But, because you tried to sweep this under the rug, he can't receive the protection the law affords him.

I am sure you still think this went far enough under the rug, but it didn't.

What happens when the person who got YOUR records shows up to turn them in? It will be obvious that his records went to you. There is a log kept of disclosures. It isn't some random process.

What do you plan to say when they call? You only have two choices, it seems to me. Lie and deny everything, or admit that you aided Crocodile Tears in violating the law.

Oh, what tangled webs we weave when first we practice to deceive ...

I would make a written report - Nick

[ In Reply To ..]
and send it to the HMO's Compliance Officer. The privacy you protect is your own!

To OP - sm

[ In Reply To ..]
Well, I am not going to beat you up. I am a very black/white right/wrong kind of person, but I probably would've done what you did after the guy started crying -- given him one more chance. I realize it was a HUGE mistake, but we all make mistakes. My husband was sent somebody else's medical records a few months back. When we called the outpatient surgical facility, they too acted like it was no big deal and just asked us to shred the records which, of course, we did. I hope Karma is in the works and that your records actually were not sent to somebody else. I know I'll get bashed for my response to you, but here is my story. Almost 30 years ago while working as an MT in a pathology lab, I made a HUGE UNFORGIVABLE mistake. Of course, it was unintentional on my part. I was overworked and tired, and I know that was NO excuse. When I was called into the lab director's office along with the pathologists, you can bet I started bawling, and it was NOT fake. I was mortified for being so careless and stupid and causing who knows what agony to the patient. However, I was not fired (I suppose because I was a great employee otherwise). Obviously, to this day, it still upsets me to think about what I did. I have never forgotten that and try to remember we are all human. So, don't beat yourself up over what you should've done or if you did or didn't do the right thing. It's over, move on. Maybe your act of kindness really will make a difference in the records guy's work habits (and maybe it really was just a one-time mistake like mine was). Hope you have a good day.!

Thanks for that....I was really feeling bad - after all the bashing

[ In Reply To ..]
and wondering if I did the right thing. Like I said, I did not ask to be in this position. As for the ones telling me that my records probably went somewhere, I have proof that it did not happen. Also, as soon as I saw that those records weren't mine, I shoved them back in the envelope. I am NOT a gullible person -- I was not duped or suckered like a lot here think...he really did convince me to give me another chance. I said a lot more to him than I wrote here. I think he is at the very least humiliated and hopefully it will make him be more careful. I am not trying to get an old 60-something-year-old man fired. I don't want that on my conscious. If I thought for a second he was pulling my chain, I would have turned him in. And it is NOT my job OR obligation to do that.

Thanks again.

You keep saying - that

[ In Reply To ..]
you didn't ask to be put into a position of having to make a decision. That happens to everyone every day. Sometimes you have to grow a spine and do the right thing. The person who caused the problem is responsible for the consequences of his actions. You bear the burden of the consequences of yours.

What will you do if you're ever on a jury?

Whatever scolding you gave him was of no consequence. He still got away with a significant breach of privacy. Without any meaningful consequences, he will do it again, guaranteed. It doesn't matter what you did with the records you received. The fact that you received them at all was the issue. How you feel about it is irrelevant.

As someone else pointed out - the

[ In Reply To ..]
person whose records you received has a right to know his/her records were mishandled. That is where your concern should lie, not with the incompetent and careless individual who committed the infraction. If you witnessed a child being molested and the molester cried, would you feel bad for him and not report it, just let him go on his merry way?

Yeah cause a mistake in handling records - and child molesting

[ In Reply To ..]
are in the same category. Geesh

Culpability - Meh

[ In Reply To ..]
At MTEC, I was taught that in a case like this, you too would be deemed culpable for not reporting but covering for the other person.

HIPAA is violated - every day in India

[ In Reply To ..]
Our records should have never been allowed to go overseas. I hear people's private information every time I go in a pharmacy. The little "window" at Walmart doesn't stop anyone from hearing about your meds and your name. Ditto at the doctor's office/receptionist's desk. HIPAA SCHMIPAA.

Related to someone who deals with India for her MTSO. The MTs get NO - pt info, they just hear the body SM

[ In Reply To ..]
of the report. Management are the only one that see pt info, those ppl that have a higher interest in the company being in places of responsibility and with higher pay.

Yeah and that stops them - from violating HIPAA

[ In Reply To ..]
get real

It's your right as a patient to know who has viewed your medical record - clyde

[ In Reply To ..]
If I was you, I would request a written report regarding who has viewed or received your medical record in the last month. Your HMO has to tell you who has viewed your record, and if it was sent to the wrong person they have to disclose that to you (just like you having received the medical records for someone else will be on that patient's record). Unfortunately for you, that also means that if the patient whose records you received asks for the same, they will find out that you were sent their records.

I'd ask for who viewed you records just to be on the safe side. If it turns out that your record was sent to the wrong person in a switch of medical records/addresses error which I believe is the most likely case here, you can then report the HIPAA violation if it turns out the guy who sent you the wrong records lied to you.

In any case, I'd check your credit report and accounts carefully for the next several months.

I'm the OP and to that I say...my - credit report has a

[ In Reply To ..]
freeze placed on it by myself. No one, not even myself unless I unfreeze it, can open credit in my name.

All I can say is that I did learn something in this mess. Not sure if I did the right thing or not, but I do know at least for myself that for the poor guy whose records I got -- he is lucky I am the one who got them and returned them without so much as scamming through them for a second...if someone else would have gotten them, can't be sure of the same. If this ever happened again I think I'd just go ahead and report it. Thanks all.

Why do you think your records were not sent out - to someone else???

[ In Reply To ..]
Why exactly do you think you can "prove" your records were not sent out? Because Mr. Tears said yours had not gone out yet?

Sorry, but your records went out at the same time. Yours were not sitting waiting for the time it took to deliver the others to you. Nor would your address have been available.

I know how this works. Here is what happened ... There was a big stack of envelopes, all pre-addressed and ready to go. There was a big stack of photocopied records. Yours were right next to the other guy's. Mr. Tears got off track by putting 2 records in 1 envelope, or he had 2 envelopes with the same address.

Similar Messages:

May 27, 2010

and paid to have them sent to me. The last 20 pages were someone else's medical record. I called the records dept and told the clerk, and she acted like it was no big deal and could I bring them back? At first, I just wanted the extra 5 bux back that I paid for these (5 bux per 20 pages is what they charge). Then I wondered if someone else got a part of MY medical record? She assured me not. This really sounds like a big fat HIPAA violation and I think th ...

Nov 11, 2013

I posted earlier about a HIPAA violation I believe the company I am subcontracting for is committing. I'm considering filing a complaint, but not sure what this would entail. Before I go too far into it, has anyone filed a complaint against an 'employer,' for lack of a better term, as I am a subcontractor & not an employee? This issue is weighing heavily on my mind. I do have proof of emails sent back and forth that are not encrypted or secured in any way containing reports with t ...

Jun 22, 2010

x ...

Jun 26, 2010

So today I get a letter from BCBS of GA. Whoops, they had a security breech on their website. Someone "may have" gotten acccess to my name, SS #, and credit card info. They made "security changes to prevent it from happening again". They are offering me one free year of "identity protection" under Debix Identity Protection Network (has ANYONE out there every heard of this company?). They want me to leap on to the DIPN website and give them all my information so they can prote ...

May 26, 2013

So I just took a HIPAA course regarding the "new rules" regarding our liabilities and obligations under the law. I often get dictations by doctors who are obviously working at home with their kids running freely (and loudly) through the room, and perhaps a caretaker's voice now and then. If its a HIPAA violation for ME to have other people listening to dictation, isn't the doctor dictating in the presence of others who obviously have no business hearing that dictation a rep ...

Oct 15, 2014

I think this really should be reported and looked into, as long as we're all supposed to be taking HIPAA so seriously. And, no, it doesn't matter what the violation was, I'm not posting it here for everyone to argue over the dirty details. ...

Nov 11, 2009

Anyone experiencing HIPAA violation threats of fines/termination? ...

Nov 30, 2011

My sister has recently taken on the task of medical record compliance at her husband's dental office. They are electronic (just going that way), and she is trying to be HIPAA compliant. I know this doesn't concern transcription, but I though maybe someone has an MR person in their office who could direct her to a blog, or website where she could get information. Thanks! ...

Feb 18, 2010

Or would you simply type "obtain records..." ...

Oct 29, 2009

Hi, I need a quick check on HIPAA rules. With respect to the health care debate, I want to write to my senator, etc., about a situation with a patient I transcribed on. The only info. I intend to give is that the patient was a: Russian immigrant, on welfare and receiving Medicaid benefits--when he should not have. He and his "sponsor(s)" was responsible for his care and living expenses. Further, I transcribed a note in which the doctor said that this patient wanted to re-sched ...

Feb 25, 2013

the capitalize first letter of each sentence function. I don't know how I did it or I could probably turn it back on. ...

Feb 21, 2015

report to upload. I hope that automatically pends to QC so it doesn't go to the client like that. To the QC who gets this report...I apologize! I hope you don't have to edit the report--hopefully you can send it right back to me? I alerted my TSM in Spark and he just said "don't worry it will autopend." ...

Nov 19, 2009

I cannot find anything on this junk desk!!!!! Please help!!! ...

May 16, 2011

I was working on some macros and needed a command for changing text to Arial 11. I'm thinking "hmmmm, Arial, A." Let's make it Alt+A. Does it tell me that's already assigned to something? Nooooooo. I totally forgot it's part of the spell checker commands. So now, when I do spell checks, I don't have the option to add words to the dictionary. How do I get Alt+A back to it's original state? I deleted the macro I'd made, ...

Aug 10, 2011

To make a LONG story as short as possible... Background info: I am an MT who works from home for a hospital. I have full-time employee status, and we do have a Union. After several years of working onsite, I finally started working from home in May of this year. I am not a "Medical Records" MT. I was/am considered a "specialized" MT as I was hired to transcribe for two different specialties (20 hours each week for both spec ...

Apr 08, 2010

I received an email too 2 days ago from ccm needing an explanation of why I had a patient's report open when I was not actively transcribing. I know there was a night when I had signed out and I had a window still opened that I did not realize was opened. I had minimized the window in case I needed the document again to refer to. Geesh. sometimes I don't even feel like wasting my time to search old reports. I feel like its constant harrassment lately ...

May 14, 2012

x ...

Sep 04, 2014

Hi I posted this once but not sure if it went through. I use Olympus Transcriptoin Kit and can usually transcribe any type of voice file by dragging it into the system. One of my doctors accidentally encrypted his dictation and now my transcription module asks me for a password to decrypt it. The problem being of course he doesn't even know how he did that and I am not sure how to get this encrypted from here. I don't think I can do it on my end and to ask him to figu ...

May 10, 2015

I have tried to train my brain to use Save As to prevent saving over my templates but I still save over them all too often. I am using Instant Text but still don't have shortcuts for a lot of my doctors in there yet. Any advice is much appreciated. ...

Dec 22, 2009

I guess its not really something new, but as I was visiting a friend in the hospital yesterday a doc was sitting at the nurse's station just dictating away. I clearly heard patient's name and identifying info and her entire medical history while standing outside the room waiting for nurse's to finish with my friend. ...

Apr 07, 2010

Has anyone else gotten a HIPPA violation for referencing old reports when typing an ESL ? ...

May 31, 2011

off. Thx. ...

Apr 21, 2010

Hello, One of my friends here at MQ was just put back on 100% QA after one bad audit. Now, due to First Time Right, she will be making 3 cpl less for ALL HER LINES since it all is going to QA - except for that 10% allowance that she has. This is just SO not right!!! How is anyone supposed to live on a pay cut like that? For 8-9 cpl, it's a 30% pay cut! Is this reportable to anyone? (If anyone would care...) What can we do about this - besides quit? ...

Aug 02, 2010

The daughter of a friend of mine works in the clinic that I worked at for 18 years in medical records is known to read charts and then tell others about what she has read. For example, someone who has an STD that she knows, she has told lots of friends about it and I have heard it myself. Does anyone have any idea what happens when you report someone for a violation? I am sure that they take the person's name who is reporting it but can you tell me what else is ...

Dec 15, 2012

Recognized as top career choice by US Dept of Labor Statistics, "employment of medical transcriptions is projected to grow faster on average compared to all other occupations through 2014." In addition, with new health care legislation, adding nearly 50 million people to health insurance will definitely increase the demand for more transcribers. What a crock. ...

Oct 21, 2013

I no longer work there and need to get in touch with them. Need a copy of W2 and did not have to file a tax return because I did not make enough and do not have a copy of the W2. Need it for financial aid. ...

Sep 23, 2014

Not sure if I'm just drawing a blank or if I'm going crazy (or both), but didn't our old email system (before IPSWITCH Imail Server) have a bunch of different sections, specifically how/where to contact Human Resources? Can't seem to find it anywhere and the old email system won't let me log in....? ...

Jul 19, 2011

Alerting the Department of Labor has been bandied about regarding the unfair and unjust treatment that MTSOs like to dole out because they think they can get away with it, and we have, in a sense, just rolled over and let them for fear of job loss or being the troublemaker if we spoke up. Perhaps it is time we find out if we have legitimate issues here and maybe something can be done about them, such as: 1. Not being paid for spaces. 2. Not being paid for demographics. ...

Aug 07, 2012

Off-the-Clock References The Fair Labor Standards Act (FLSA) requires that covered non-exempt employees receive at least the minimum wage and at least one and one-half times their regular rates of pay for hours worked over 40 in a workweek. In general, "hours worked" includes all time an employee must be on duty, or on the employer's premises or at any other prescribed place of work. Also included is any additional time the employee is allowed (i.e., suffered or permitted) to work. The amo ...

Mar 07, 2013

Hi. I am in my third week of employment as a coder! Yay! I am learning a lot, still going to school FT, and commuting 1 hour each way to work. I am the "low man on the totum pole." We are starting to train for Epic which is supposed to be going live in a few months. Has Epic affected the work load in that there is a reduction of coders/transcriptions where you work? Just wondering. I do other clerical duties such as pulling charts, abstracting, and ...