It’s everywhere. From the MyFitnessPal data breach to the public upset stemming from Facebook’s privacy scandal, society is no stranger to leaked personal information. Now, more than ever, people are concerned about the way companies are storing their personal records — and the healthcare industry is no exception. Thankfully, HIPAA has set a standard to ensure private health records are protected.
Achieving HIPAA compliance is no cakewalk, though. Take a look at what HIPAA stands for, why it’s important, and how it plays a crucial role in all healthcare organizations, including senior care facilities.
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability Act. It’s a United States law devoted to protecting patients’ medical records and additional health information through strict privacy standards.
Why is HIPAA Important?
Since the Act’s creation and implementation in 1996, it has delivered numerous benefits to health professionals and patients alike. Some of the benefits include:
- Giving patients control over their own health information
- Setting boundaries for health record use and distribution
- Establishing safeguards that force health care providers to achieve certain levels of privacy for their patients’ health information
- Holding violators accountable for violating patient privacy rights
Thanks to HIPAA, patients have the ability to find out how their health information may be used and limit the release of the information. It also provides patients the right to examine and receive a copy of their own health records.
How Has HIPAA Changed the Healthcare Industry?
While the privacy act has produced many major benefits for all involved parties, it has also created challenges for the industry such as:
- Limiting New Research — Healthcare researchers face restrictions since they can no longer freely conduct studies based on patient chart data unless the patient releases the information to them specifically.
- Consuming Precious Time — Prior to HIPAA, healthcare providers had the ability to freely share patient information with other healthcare providers. Now, patients must give permission to providers to share information. This may take more time for critical information to transfer into the correct hands. Within that time, it’s possible for a patient’s health to deteriorate.
- Creating Organization Hesitation — If there is ever a compliance violation, the organization in question must pay hefty legal fees. This has forced healthcare facilities to become overly cautious about sharing patient information even if/when the patient has given permission for them to do so.
- Increasing Healthcare Costs — The cost of healthcare has risen due to the necessary employee training and certification programs, as well as the added time and labor required to complete compliance paperwork. Plus, there are additional fees for consultants that regularly check organizations for HIPAA compliance.
Who Must Be HIPAA Compliant?
Any operations, businesses, or organizations that handle protected health information (PHI) are required to comply with the set standards. The following must be HIPAA compliant:
- Health plans such as Medicare, Medicaid, and company health programs
- Healthcare clearinghouses such as billing services that collect health information and process the data
- Health care providers like physicians, surgeons, dentists, clinics, nursing homes, hospitals, and pharmacies
- Business associates such as data processing firms, data storage companies, document shredding companies, and medical equipment companies
Are Senior Care Facilities Required to Comply with HIPAA?
While nursing homes are specifically called out in HIPAA’s guidelines, not every senior care facility is held to HIPAA laws. Each community has a different business model with their own regulations. However, a majority of facilities still strive and achieve HIPAA compliance even if it’s not specifically required. This is because HIPAA has been established as best practice and following the guidelines ensures respect for residents’ privacy.
In general, assisted living facilities are not considered “covered entities” under HIPAA. Muddy waters arise if those facilities have certain departments or sections that work with hospitals and healthcare providers. If that’s the case, they must comply with HIPAA.
For communities that require compliance and are held to HIPAA regulations, keeping each resident’s medical history or status private can be difficult. As residents and staff members spend a considerable amount of time together and become close, their stories and discussions can lead to accidental leaks of private information.
How Do Senior Care Facilities Achieve HIPAA Compliance?
Assisted living and retirement communities maintain HIPAA compliance through a number of ways, and the list continues to change with technology innovation and the increase in data breaches. Here are a few ways communities work to comply with HIPAA:
Boosting Internet Security
Most facilities have abandoned traditional, physical paperwork filing and turned to convenient, computerized systems. While computers have made transferring information quick and easy, having confidential data on computers increases vulnerability when it comes to hackers and cyber attacks. To comply with HIPAA, facilities must have all of the required software and firewall applications in place to block malware, ransomware, and phishing attempts.
Requiring Staff Training
Training all staff members on HIPAA guidelines and requirements is an essential part of maintaining compliance. Each employee needs to take courses demonstrating how to effectively protect the privacy of patients and/or residents, such as our online eLearning confidentiality course. A HIPAA caregiver training guide is also available, allowing staff members to continuously reference privacy guidelines within their individual packets.
Creating a Plan for Possible Breaches
Even with added security and required training, data breaches and privacy violations are possible. Senior care facilities should have a management process if there is ever a breach or incident. They must be able to track the investigation and prove it was fully completed. Facilities should also have a way for their employees to report incidents anonymously.
Residents, excluding the staff, talk among themselves about each other’s conditions. Are the residents bound by HIPPA? Or is it just the staff? Can residents be accused of violating the law when so doing? Do state laws vary with this exact situation? I live in Missouri.
Diana, great question! It is not up to the facility to determine what residents may or may not discuss among themselves. Staff, health care employees, doctors, nurses, and even volunteers are bound by the guidelines set forth for patient confidentiality. Having said this, if you feel that one resident is sharing too much information about a fellow resident and this is causing embarrassment for that resident, having a quiet conversation with this person is probably in order. Gently explain that the information they are sharing is private. That should do the trick. If not, then possibly having a discussion with a family member might be the next step. Thanks for reaching our and for reading our blogs. Our HIPPA booklet is currently on sale.
If you live at Heartis a Senior Independent Living facility. As a new resident does HIPP restrict or band the facility from introducting new residents to current reisdents,the new resident taken on a tour of the facility and activities or residents forming a Welcoming
Committee. Does any of these above introductions to a new resident violates any HIPP rules? If a new resident gives permission for these services, is the facility violating HIPP?
Hi Cheryl, thank you for your question. HIPAA prevents you from sharing a residents personal or healthcare information. Simply introducing one resident to another resident should not present any conflicts with HIPAA, but to be as safe as possible, only provide the introduction, but then let the resident decide what information they may or may not want to share. We hope that helps!
I am a home health care nurse. I have a patient who needs daily weights. She lives in assisted living and facility stated they could get her daily weight but would not leave the data in room because of HIPPA. This doesn’t make any sense to me? Advice please! Thankyou
Hi Tina! Thanks for reaching out! The HIPAA privacy rule has standards in place to ensure that an individual’s medical records and other personal health information is protected. This is probably why they refuse to leave information in her room where other people besides you may have access to the info. Does the resident that you’re working with have a shared room or a roommate? In any case, it may be easiest to stop at the nursing station on your own and get her daily weight from them directly. Hope that helps! If you need more specific information on HIPAA you can see more about regulations and compliance at the US Dept. of Heath and Human Services website: https://www.hhs.gov/hipaa/for-professionals/index.html
What is best practice for NOT allowing residents, damily members & visitors in to a nurses station/med room in assisted Living facility?
Hi Renee, thanks for reading our blog and for reaching out! This is a little trickier to answer, just because one facility’s best practice may not work for another facility. One solution may be to have the door to the nurses station/med room locked or secured at all times. It may help to have signage directing all visitors to speak to the receptionist or a co-worker should they need to speak to a nurse. If this doesn’t do the trick, it may also help to have something posted as to why the nurses station is a secured area. For example, a sign on the nurses station door that reads “Please see the receptionist if you’d like to speak to a nurse. We are very serious about protecting our residents’ private information and this area is not open to family or visitors. Thank you for your help in keeping our residents’ information safe!” Good luck finding the right solution for your community.
I work in a residence based assisted living. We have monthly meeting to discuss client related issues with personal care staff and nursing agencies. Is it appropriate for a CEO or COO wit a non nursing background to be present at these meetings. We are discussing health care issues, not business related.
Hi Denise, thanks for your question! When it comes to HIPAA, the main thing you want to remember is that you shouldn’t share a resident’s private health information with people who are not involved in their care or who simply don’t need to know. With that said, it may not be inappropriate for a CEO or COO to be there for a healthcare related meeting, being that they may play a part in finding solutions. Maybe you’re discussing an increase in pressure sores in your community, and maybe it’s due to a lack of proper training or a lack of staff, maybe you need different educational resources, etc. – and maybe that all trickles down to the CEO or COO at some point. Being that they have a major role in the company and the residents’ well-being, it is ok to have them attend meetings, whether they have a nursing background or not. Keep in mind that these kinds of decisions should be made on a case-by-case basis, and if you think you’re going to be discussing something that should not be shared in a large-scale meeting, consider withholding names or specifics, or take other actions to protect a resident’s privacy in a way that still allows you to discuss an important matter. I hope this answer helps and if you need more information, they have a lot of specifics at https://www.hhs.gov/hipaa.
I am an Occupational Therapy based in Southern California where I work in a Skilled Nursing Facility. The discrepancy between therapy, nursing staff, and even family/friends in relation to patient care has me very concerned at times. Often times I will see nursing staff, family, or friends attempting to assist a patient who needs a certain level of assistance between transferring, no adhering to strict precautions (such as non-weight bearing to a certain body part(s), or even simply giving regular texture food to a patient who is on a strict puree or chopped diet. Coming from a hospital where it was common for us to have a communication board in the patient’s room (such as all the sections noted above and more from various staff; physical therapy, occupational therapy, speech therapy, etc), I have always wondered why SNF’s do not have that same option? Is there a difference in how HIPAA is applied to nursing homes? Is a “communication board” allowed in a patients room (where many SNF’s share 2-3 patients to a room; therefore, there would be 2-3 communication boards. I understand the purpose of HIPAA but I wonder how it applies to a nursing home setting and if so, how is it different that a hospital? I would like to leave notes in the patients room for nursing staff, family, and friends (when I am not present to educate them), however, I am unsure if this would be breaking HIPAA guidelines (in California). I have tried to research for these answers but without any luck, hope somewhere here can be of assistance. Thank you!
Hello and thanks for your question! Communication boards can be a great, but tricky tool to manage when it comes to HIPAA. Facilities that post a resident’s private information in a visible area have more than likely gotten permission or an authorization from the resident. Along with that, every effort should be made to post the minimum necessary information and to have it posted where critical persons can see it, but away from heavy visitor traffic. A communication board shouldn’t divulge a resident’s condition or diagnosis, but you could leave notes like “please see a nurse/therapist when transporting Mrs. Doe,” or “talk to a nurse before sharing snacks or a meal with Mr. Doe.” This kind of general note does not break any rules of HIPAA. Leaving a note like “Mrs. Doe has a right hip fracture and needs a 2 person assist” would not be appropriate to write in a space where persons who are not part of the care team could see. If you feel you need to leave more detailed notes, it might be worth a conversation with the facility administrator, they may be able to keep your notes in a private location and simply post something on a resident’s door, like “Please see the nursing team before you visit with Mr. Doe,” that way they could divulge necessary information only to those who would need to know during their visit. Hope that helps; HIPAA is tricky to navigate when looking online, but there is a lot of great information at http://www.hhs.gov/hipaa.
I work at a home for the aged (assisted living) in Michigan. The new administration is not giving the care team staff any information on residents especially ones who have something say like COVID19, C-diff, she told all the staff it is none of their business and the should be lucky she provided a mask. Is this legal? When I got hired in they went over a confidentiality form and I had to sign it.
Hello and thanks for taking a moment to read our blog and reach out. When it comes to sharing resident information (especially when it’s related to an infectious disease), anyone who is a direct part of a resident’s care should be allowed to know health information that is critical in helping to provide the best care. Sharing this information should be done with the utmost caution and it should only be shared with those who will directly be working with the resident. Proper precautions (like sufficient PPE) would need to be taken to protect the resident and the co-worker, which means a caregiver would need to know what they’re working with. According to OSHA clauses, a company is required to provide a safe workplace, which should include proper PPE. I’m not aware of the specifics regarding your situation or your facility, but I hope that these points help you to resolve the problem you’re facing.
So I was working for A home health agency they fired me for a wrong reason and the client wanted to hire me on private pay and they fired the home health agency
Does that go Against any HIPAA violation on my part????
Hello, thank you for reading and reaching out. Unfortunately, I’m not able to speak to whether or not this was related to a HIPAA violation with the information you provided. HIPAA regulations are specifically related to sharing a resident’s personal information inappropriately with those who do not need to know. Any violation of this in accordance with HIPAA regulations or policies held by your facility may punishable by termination or criminally including substantial fines. You can find more specifics on HIPAA violations on the government website, simply follow this link: https://www.hhs.gov/hipaa/index.html.
Best of luck with your situation.
Hello,
A board & care is requesting patient information from our home health agency about a patient we are currently seeing. Can we send them patient information without some type of authorization?
Thank you
Hello, thanks for your question. Sharing a resident’s personal health information between organizations is addressed in the HIPAA Privacy Rule, which was issued in 1996. The Privacy Rule sets standards for how a resident’s health information is used and shared – the major goal was to protect a resident’s information while still maintaining flow of information that would be needed to provide the best care and well-being of the resident. For more specifics on sharing health information follow this link: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
We hope that helps! Your company may also have specific standards or policies that dictate what should be completed to safely share a resident’s health information.
Hi, I have volunteered in the past to visit people in nursing care facilities. Now that visitors are not allowed, I am interested in visiting via Zoom. I called a couple of nursing homes and one of the activities directors said it would be a HIPAA breach to connect residents to non-family members via Zoom, but she would welcome me to visit in person after the pandemic ends. This didn’t make sense to me. Is there a HIPAA rule against connecting nursing home residents with non-family member visitors?
Hi Rebecca, thanks for reaching out. This is not something that we are aware of; this may be the company’s individual policy, but I do not believe this would be a HIPAA violation. Browsing through the HHS.gov website, didn’t turn-up anything that discusses this as a potential violation, especially since many communities and families have made the jump to trying telehealth for non-emergency medical issues. It seems we are all connecting virtually more than ever. The US Dept. of Health and Human services has an entire page dedicated to HIPAA and Covid-19, here’s the link: https://www.hhs.gov/hipaa/for-professionals/special-topics/hipaa-covid19/index.html
As long as your zoom call doesn’t disclose a residents personal health information or private information (like their name, address, etc.) then there should not be an issue with violating HIPAA. I hope that helps and good luck moving forward!
My mother lives in an assisted living facility. She recently came home from the hospital, and as a result, was put in quarantine until another COVID-19 test could be administered and come back negative. As of yesterday morning, she was cleared with a negative COVID-19 test. That evening, she went to dine in their dining room only to be told, by the health director, that she was still on quarantine and that she needed to go back to her room immediately. Apparently, the staff had not been notified of her negative results. This confrontation happened in front of several other staff members and residents. Needless to say, she was humiliated and upset.
Would this be considered a violation of HIPAA?
Hi Thea, thank you for reaching out. I’m sorry to hear that your mother had an upsetting experience. Unfortunately, I’m not able to speak to whether or not this would be deemed a HIPAA violation with the information you provided. While it may have been preferable and a good best practice to have this conversation off to the side or in a more private location, depending on the details of the conversation, it may not rise to the level of a HIPAA violation. It may be helpful to look at the US Dept. of Health and Human services website, which has an entire page dedicated to HIPAA and the handling of COVID-19 information specifically. Here is the link: https://www.hhs.gov/hipaa/for-professionals/special-topics/hipaa-covid19/index.html.
I hope that this helps and that you and your mother are both healthy and doing well!
My mother lives in a nursing home. As she ages, she is becoming more and more confused and unable to discuss her condition. She called me after having stayed in a hospital, during COVID and was unsure of what had happened or why, only that she had had a heart attack. I called the nursing home to follow up and was told that, due to HIPAA, if I was not power of attorney, they could not tell me anything about her condition and would not notify family when she enters the hospital. Is this accurate? It is my understanding that she should be able to fill out some type of waiver or consent to contact family. Please note, my mother was told that we were contacted.
Hi Sarah,
Thank you for reaching out. I’m sorry to hear that your mother was in the hospital and hope that she is recovering quickly. Each facility typically has their own policy around contacting family in addition to following HIPAA guidelines. Generally speaking though, they will only contact and share medical information with the power of attorney, unless someone else has been appointed as an approved contact. If someone other than the power of attorney is added as a contact, they would typically be added by the resident and/or the power of attorney. In addition, it’s important to note that in most situations, a facility will only reach out to the POA when a resident goes to the hospital regardless of how many contacts are approved. If they are unable to reach the POA, then they will likely reach out to another approved contact. I would recommend that you touch base with your mother’s power of attorney and facility about how you can be approved and added as a contact going forward.
We wish you and mother all the best!
Hi i work a a skilled nursing home, If i posted a list every month at the nurses station that has the resident last name, room#, appointment date and time so the nurses on the unit will no who has an appointment for that day. Is that a HiPPA violation?
Hi Diane,
Thank you for reaching out. We would not recommend posting this type of list at the nurse’s station. Any document with names and medical information, even if it only relates to appointments, is protected and should be kept in a secure location.
We hope this helps!
I live in an assisted living facility currently and am crafting a newsletter. I wanted to have a section of remembrance for those who have passed, but was told I couldn’t list their names be cause of HIPAA. Why? Our names are on our doors. The newsletter would be an in house document, not for outside distribution. Why am I not being allowed this?
Hi Chris, thank you for your question. HIPAA does prevent you from sharing a residents personal or health information with those outside your community and your community may have additional policies that restrict the sharing of certain information in -house. In this situation, I would recommend that you check with your administrator to see what information you may or may not be allowed to share, specifically for in-house materials. You may be able to share the resident’s first name and last initial. Checking on your community’s unique policies or regulations would be the best first step. Good luck, we hope that helps!
I am a resident of a senior living community. For several years prior to retiring, I worked in county government as an emergency management coordinator responsible for reviewing emergency sheltering applications submitted by residents which included medical information. I was required to follow HIPAA guidelines and was subject to discipline, including termination, if I didn’t. As a result of that work experience, I’m one of only a very few residents of our community who know about HIPAA,CME or PHI.
Our community has independent living, assisted living, and memory care, and provides podiatric, occupational therapy and other health services through local providers to residents at all levels. I realize that the HIPAA requirements for senior communities are not as clear cut as with other types of facilities, but this is my concern.
Our management team made arrangements with a major pharmacy to administer the COVID-19 vaccination to all residents who requested it. We completed the consent forms and submitted them to the receptionist. Last Friday, January 22nd we received our first vaccination. Unfortunately while we waited in line, I discovered that an employee of our community handed our consent forms to a teenage girl who is the granddaughter of one of the residents. Our consent forms contained our full names, addresses, telephone numbers, e-mail addresses, name of our primary care physician, medical conditions, and health insurance information.
I informed the staff today that I do not want anyone other than staff or the people administering the vaccine to view my information.
Do I have grounds for a complaint, and who do I report this to?
Thanks for your time.
Hello, I am a care coordinator for a home healthcare company. Is it considered a hipaa violation to text message employees regarding scheduling using patients initials? For example “can you help H.L. On Friday ?” Would using their initials only still violate hipaa?
Hi J,
Thank you for your question. Generally speaking using initials is okay and would not be considered a HIPAA violation. We hope this helps!
I see patients for physical therapy in senior living facilities. Am I required to disclose patient’s name at the front desk when asked whom I am going to visit after being told the facility requires it? The facility does not have a business associates agreement with my company. Thank you!
Hi Denise,
Typically facilities require you to state who you are visiting as a safety measure. This allows them to know who is in their facility and visiting in case there is a concern and also helps them to account for and locate everyone in the event of an emergency. If you have specific concerns about the questions that you’re being asked or the agreement that your company has with the facility, I would recommend speaking to your supervisor and/or the administrator of the facility. I hope this helps!
`My mother has an apartment in an independent retirement community. She receives no healthcare service except when she uses her call button when she falls or has a medical emergency. The facility also provides personal care on another floor of the building.
Because of her frequent falls and a medical situation one night, I asked the Wellness Center for a record of the number of her falls and when they were. I also asked about the medical emergency because EMTs were called to assist. I was told by the Director of Operations that I was not allowed to have that information because she was independent living. Is this correct? I thought residents had the right to their own records. I am her power of attorney for health care and the facility knows this.
If you cannot help, can you direct me elsewhere?
Thank you for your time.
Hi Fran,
I’m sorry to hear that your mother is having a difficult time. Based on the information you’ve provided, if you are her healthcare power of attorney there shouldn’t be an issue with you gaining access to her information. I would recommend speaking to the administrator regarding your concerns and they should be able to assist you. I hope this helps!
I work in a home health agency and we partner with several assisted living facilities. We are given access to their electronic medical record software to access information about patients however with this access we are also able to see other residents chart (aside from our patients) by simply typing any name on the search bar. My question is: 1. Is this a HIPAA violation that we are able to access entire facility EMR? (although we only look up our current patient) 2. Is it a HIPAA violation to access facility fall reports and are able to see all the residents who had recently fallen including patients that we don’t have on caseload
Hello,
Thank you for your question. While giving access to electronic medical records is common for those that are involved in the care of a resident, in general I would say that you should only have access to the residents/patients that you are seeing. I would recommend speaking with your supervisor and/or the administrator of the facility regarding your concerns. I hope this helps!
So, as you mentioned to Cheryl earlier, “HIPAA prevents you from sharing a resident’s personal or healthcare information.” Would this include a situation where the Director of an Assisted Living Facility (which also includes a Memory Care level) sends out an email that includes all of the names and email addresses of residents in the facility, as well as family members, and guardians? Would this be considered a violation of HIPAA laws since this contains private information that residents and family members may not want to be revealed?
Hi Jeanne,
Thank you for your message. Without seeing the entire email it can be a little bit difficult for me to say for sure. Although names and email addresses are personal information, it isn’t health or medical information and it doesn’t sound like physical addresses, etc. were shared. While I can certainly appreciate your concern and would say that perhaps they should have asked for approval from each family before sharing this information, based on what you’ve shared, I’m not sure that this would rise to the level of a HIPAA violation. I would recommend speaking to the administrator regarding your concerns. I hope this helps!
My father lives in the memory care area of an assisted living facility. The staff all use the GroupMe app between themselves on their personal phones to share all types of information about the residents, including health related information. I’m concerned about the potential for violation of HIPAA because, as far as I can tell, GroupMe does not have end to end encryption in place, and all the messages are available in the app on every individual’s personal phones that they take home with them every day. This seems like a big potential problem. Should I be concerned?
Hi Scott,
Thank you for your message. Many places are finding new ways to utilize technology to increase communication and in turn, resident care. With that being said, there are a wide variety of options available and I am not familiar with the GoupMe app or how it functions. If you have any concerns at all though, I would recommend speaking to the Administrator. They should be able to share more information with you about how the app works and address any concerns that you may have.
I live in a facility that has Independent Living, Assisted Living, and Memory Care. I am in Independent Living. We receive no health care and are told repeatedly that we are not entitled to any nursing care even though nurses are here for the other units. My question is whether the facility is bound by HIPPA for the Independent Living Units. For example, if one of our residents contracts COVID we are not told because of HIPPA. That put us all at risk since we don’t know who is contagious.
Hi Richard,
Thank you for your message. I can certainly understand your concern as it relates to independent living, however nurses and other team members are not permitted to share the personal health information of anyone. In regards to someone with COVID, the team at your community should be putting something in place for that person to quarantine for the appropriate amount of time, ensuring that you do not come in contact with them. If you were in contact with them before they tested positive, the team should also have a procedure in place for notifying you or anyone else that they have been exposed and ensuring that the exposure doesn’t continue. If you still have concerns or questions about the policies and procedures surrounding this in your community, I would recommend reaching out the Administrator and they should be able to assist you. I hope this helps!
I am a resident of a continuing care facility. If there should be a birthday of a resident I have announced it over the PA system.
I am now informed that this is against HIPPA regulations. Is this true?
Hi Karen,
Thank you for your message. Yes, birthdays are considered protected health information. If you’d like to find a way to acknowledge and celebrate birthdays in your community, I would recommend reaching out to a member of the management team or Administrator so that they can assist you with finding a way to do that. I hope this helps!
Hi. This is a great article and great information. I am a home health therapist, new to home health. Many facilities have me sign in stating which client I am going to see and then at the end of my session they have me fill out a communication paper with pertinent information from the session. However I do not know who that paper goes to.
Are these breeches of hipaa?
Hi Chad,
Thank you for reaching out. Usually facilities will ask you who you are going to see as a safety measure and in case their is an emergency. As far as the communication paper, that is not uncommon either and the forms are usually designed to only be shared with those who should or can have access to a resident’s information. The goal of such forms is to help make sure that everyone is on the same page and that care is coordinated properly with everyone involved in caring for a resident. This would not be a HIPAA violation as long as the form is being shared with the appropriate parties. If you have concerns about who is seeing the form though, I would recommend speaking with your supervisor and/or the Administrator of the facility so that they can address it. I hope this helps!
I am a resident in an Oklahoma retirement community. My medical care is taken care of privately and not with the system the facility offers. I have diabetes. Even though I have adequate medical care, the facility insists that the state wants a record of all my readings. This puts an additional and unnecessary burden on me. They have also contacted my doctor about my medications without notifying me, and ended up transferring wrong information. Are we talking about a HIPAA violation here? Can the state actually require medical records from a facility when the facility is not handling my medical care?
Hi Carmen,
Thank you for reaching out. Typically when the state is performing an inspection or following up on a concern, they do have access to medical records as a way to ensure the community is handling things the way they are supposed to be. As far as your personal situation goes though, I’m not sure that I have enough information to answer this. Whether or not there is any type of violation has to do with the way things are set up at the community, where you are living within the community, their policies, etc. If you have concerns about the way your information is being handled I would recommend reaching out to the administrator and they should be able to assist you.
I hope this helps!
Amanda
A stranger who is in the same nursing home as my sister keeps walking into her room and confronting her. Is this a HIPPA violation. Also suggestions as what to do? He is pretty aggressive.
Hi Carolyn,
Thank you for reaching out. I’m sorry to hear that your sister is having a hard time. It can be hard to offer advice without all of the details, but it sounds like this is perhaps more of a privacy issue. I would recommend reaching out to the manager that helps to oversee your sisters care and/or the Administrator of the community. They should be able to assist you with this. I hope this helps!
Hello! I am a caregiver in a Memory Care Assisted living facility. Recently, our management team has said many individuals have violated Hippa by doing their care tracking on their phone. Our phones are much faster than the provided devices. It takes one third of the time to do it on the phone in compared to the dated devices. As many know, we have so much to do and take care of with memory care individuals so time is crucial. So it helps a lot to not have to take as much time doing the care tracking on a better device. In order to do it, we have to login under user- specific logins that are password protected. The software tracks all logins, log-outs, and information accessed and tracked. With it being password protected and tracked, does it still violate hippa to access the charting on a personal device? Thank you for your input
Hello,
Thank you for reaching out. Your management team is correct, charting on personal devices is not allowed. Although you might be using some sort of password on your personal device, it would not rise to the same level of security as the devices provided by your community. Regardless of the level of security on your personal device though, it is still a personal device and you would not be able to chart or keep any other resident information on it. If you have concerns about the devices you’re being provided with, I would recommend reaching out to your management team. I hope this helps!
I am POA for a client who is in an assisted living in Florida. There are frequent changes in the wellness director position. The latest WD has informed the residents that require meds assistance they must be in their room to get their meds. This is a hardship for her as she has difficulty walking. Also it traps her in her room for long periods of time. She has in the past had to wait until 11 am to get her pills thus missing breakfast. The previous WD would have the med tech approach the residents and ask them to step out of the dining room, activities room, therapy etc to the empty hall and give her the meds. Why is this a violation of hippa?
Hi Lisa,
Thank you for reaching out. I’m sorry to hear that your client is having a hard time. Based on the information you’ve shared it’s hard to understand where the violation would be occurring. Depending on their policy for administering medication though, perhaps they are sharing what the medications are or are reviewing them with the residents? This is just a guess and without all the information it is hard for me to say for sure. I can certainly appreciate your concern about having to wait in the room for long periods of time though and would think that there has to be a way around this. I would recommend talking with the Wellness Director and/or Administrator to express your concern and see what can be done. I hope this helps!
If I discuss with a family member of another resident at my mother’s assisted living facility how I don’t feel the attendants are treating my mother right…..Is that a hippa violation? And the family member also tells me they feel the same way. Not discussing medical treatment or diagnosis. Just how the staff is rude/or mean to my mother.
Hi Kim,
Thank you for reaching out. Family members certainly have the right to talk with each other and express how they are feeling about the community. This would not be a HIPAA violation. If you would start to get into discussing any medical diagnosis or treatment though, that could become a concern. In addition, if you have concerns about the care that your mother is receiving, I would recommend discussing it with the manager of your mother’s unit or the Administrator of the community. They would be able to assist you and make sure that she is being cared for and treated appropriately. I hope this helps!