How to report a breach of patient confidentiality

by Liam Bauch

Breach of Confidentiality - Standards of Care

Reporting is required whether or not the breach was an accident. Patient confidentiality laws may require that the breach be reported outside of the facility, and someone usually has to notify the patient or patients impacted by the breach. Note that the nurse should not notify the patient about the breach.


Your complaint must:
  • Be filed in writing: sent by mail, fax or e-mail
  • Name the person that is the subject of the complaint and describe the act or acts believed to be in violation of the Patient Safety Act requirement to keep PSWP confidential

If you prefer, you may submit a written complaint in your own format by either:
  1. Mail or fax to the appropriate OCR regional office.
  2. Email to OCRComplaint@hhs.gov.

Full Answer

When is it okay to breach patient confidentiality?

The confidentiality of a patient should only be breached in exceptional circumstances and in line with GMC guidance. Whenever you disclose personal information about a patient you must be able to justify your reasons for doing so, which may be on the following grounds: If you obtain your patient’s explicit consent

What happens when a nurse breaches patient confidentiality?

When that privacy is denied, it can have serious repercussions. Patients need to be able to trust their doctors and other medical professionals in order to get the best care, and breaches in confidentiality erode that trust and also cause emotional harm.

Are you violating patient confidentiality?

You can violate patient confidentiality without even knowing it, particularly when transferring health-care information or records to others. This complex issue involves two levels of obligation: law and ethics. Law.

How do you protect patient confidentiality?

  • Never discuss the patient’s case with anyone without the patient’s permission (including family and friends during off-duty hours)
  • Never leave hard copies of forms or records where unauthorized persons may access them
  • Only use secure routes to send patient information (for example, official mail) and always mark this information confidential


What are some examples of violation of patient confidentiality?

Examples of HIPAA violations:
  • Employees Divulging Patient Information
  • Medical Records Falling into the Wrong Hands
  • Stolen Items
  • Lack of Proper Training
  • Texting Private Information
  • Passing Patient Information Through Skype or Zoom
  • Discussing Information Over the Phone
  • Posting on Social Media

What happens when patient confidentiality is breached?

If a doctor breaches the confidential relationship by disclosing protected information, the patient may be entitled to bring a lawsuit against the doctor. The patient may be able to recover compensatory damages, including emotional suffering and damage to reputation resulting from the disclosure.

What is an example of breach of confidentiality in healthcare?

Most often, a breach can happen when a nurse shares patient information with a person who is not a member of the healthcare team or when a patient's electronic medical record is accessed for a personal reason when a nurse is not providing care.

Who should a breach of PHI be reported to?

In addition to notifying affected individuals and the media (where appropriate), covered entities must notify the Secretary of breaches of unsecured protected health information. Covered entities will notify the Secretary by visiting the HHS web site and filling out and electronically submitting a breach report form.

What are 3 possible consequences of breaching client confidentiality?

The consequences of a breach of confidentiality include dealing with the ramifications of lawsuits, loss of business relationships, and employee termination. This occurs when a confidentiality agreement, which is used as a legal tool for businesses and private citizens, is ignored.

What is the most common breach of confidentiality?

The most common patient confidentiality breaches fall into two categories: employee mistakes and unsecured access to PHI.

When can you breach patient confidentiality?

To provide a simple answer: you may, in certain circumstances, override your duty of confidentiality to patients and clients if it's done to protect their best interests or the interests of the public. This means you may override your duty if: You have information that suggests a patient or client is at risk of harm.

In which situation can a client's confidentiality be breached legally?

A breach of confidentiality occurs when a patient's private information is disclosed to a third party without their consent. There are limited exceptions to this, including disclosures to state health officials and court orders requiring medical records to be produced.

When should a nurse breach confidentiality?

Breaking confidentiality is done when it is in the best interest of the patient or public, required by law or if the patient gives their consent to the disclosure. Patient consent to disclosure of personal information is not necessary when there is a requirement by law or if it is in the public interest.

What is the correct order of steps that must be taken if there is a breach of HIPAA information?

Handling HIPAA Breaches: Investigating, Mitigating and Reporting
  1. Stop the breach.
  2. Contact the privacy officer.
  3. Respond promptly.
  4. Investigate appropriately.
  5. Mitigate the effects of the breach.
  6. Correct the breach.
  7. Impose sanctions.
  8. Determine if the breach must be reported to the individual and HHS.

What are the 3 types of HIPAA violations?

Top 10 Most Common HIPAA Violations
  • Keeping Unsecured Records
  • Unencrypted Data
  • Hacking
  • Loss or Theft of Devices
  • Lack of Employee Training
  • Gossiping / Sharing PHI
  • Employee Dishonesty
  • Improper Disposal of Records

What is considered a PHI breach?

By definition, a PHI breach is “the acquisition, access, use, or disclosure of protected health information [by a covered entity or business associate] in a manner not permitted under [the HIPAA Privacy Rule] which compromises the security or privacy of the protected health information.”

What is patient privacy?

Patient confidentiality and privacy rights are a serious matter in the eyes of the law. Access to patient information is for the people assigned to provide care, and is on a "need-to-know" basis. Each state's nursing practice act and the Centers for Medicare and Medicaid Services ensure the protection of patient privacy and rights.

Is confidentiality a willful violation of policies?

Although most breaches of confidentiality aren't a willful violation of policies, the nurse in this situation didn't consider the consequences of her actions before taking the path that breached patient confidentiality. As a result of this situation, the managers collaborated to prevent this from happening again.

What to do if you believe a person shared PSWP?

If you believe that a person or organization shared PSWP, you may file a complaint with OCR. Your complaint must: Name the person that is the subject of the complaint and describe the act or acts believed to be in violation of the Patient Safety Act requirement to keep PSWP confidential.

What is the OCR?

OCR enforces the confidentiality provisions of the Patient Safety and Quality Improvement Act of 2005 (Patient Safety Act) and the Patient Safety and Quality Improvement Rule (Patient Safety Rule). Together, the Patient Safety Act and Rule establish a voluntary system for Patient Safety Organizations ...

Is PSWP confidential?

PSWP may identify patients, health care providers and individuals that report medical errors or other patient safety events. This PSWP is confidential and may only be disclosed in certain very limited situations.

What happens to a patient's confidentiality after he dies?

The duty of confidentiality continues even after a patient has stopped seeing or being treated by that particular doctor. The duty even survives the death of a patient. That means if the patient passes away, his or her medical records and information are still protected by doctor-patient confidentiality.

What is confidentiality in medical terms?

Because these types of relationships often involve very personal and sensitive information (such as medical conditions or personal finances), confidentiality serves to facilitate open and forthright communication between both parties -- thereby serving the best interests of all involved. This article focuses on breaches of doctor-patient confidentiality, the scope of the law, and what to do to protect yourself.

What is the duty of confidentiality?

The professional duty of confidentiality covers not only what a patient may reveal to the doctor, but also any opinions and conclusions the doctor may form after having examined or assessed the patient.

Why is confidentiality important in a relationship?

Because these types of relationships often involve very personal and sensitive information (such as medical conditions or personal finances), confidentiality serves to facilitate open and forthright communication between both parties -- thereby serving the best interests of all involved.

What is the purpose of a doctor-patient relationship?

The objective of this confidential relationship is to make patients feel comfortable enough providing any and all relevant information.

What happens if a patient's private information is disclosed without authorization?

If a patient's private information is disclosed without authorization and causes some type of harm to the patient, he or she could have a cause of action against the medical provider for malpractice, invasion of privacy, or other related torts. Of course, if the patient consented to the disclosure, no breach occurred.

Can a doctor disclose medical information to a third party?

He or she cannot divulge any medical information about the patient to third persons without the patient's consent, though there are some exceptions (e.g. issues relating to health insurance, if confidential information is at issue in a lawsuit, or if a patient or client plans to cause immediate harm to others).

What are the confidentiality rules for doctors?

Doctor-patient confidentiality rules vary significantly by state. In most states, the rules apply to relationships involving physicians and psychotherapists. But the rules often do not apply to relationships involving dentists, optometrists, or pharmacists.

Why do doctors have confidentiality rules?

These rules of confidentiality exist, in part, to encourage patients to be frank with their doctors. Since medical issues can be very private, patients might avoid telling doctors certain details if the patient believes that the information could go beyond the doctor's ears (or the patient's treatment chart).

What happens if a doctor discloses privileged information in court?

In court, the patient must assert the privilege. If a doctor begins to disclose privileged information in court, the patient (or his or her attorney) must object. Otherwise, the patient waives the privilege.

How does a patient waive the doctor-patient privilege?

A patient waives the privilege by initiating a lawsuit in which the patient's health is at issue, as long as the interactions between the doctor and patient are relevant to the lawsuit. So, a patient nearly always waives doctor-patient privilege by filing a medical malpractice lawsuit against a doctor.

What is the importance of confidentiality in a doctor?

Doctor-patient confidentiality protects not only words, but also observations. A doctor's observations during an examination of a patient are considered part of the communications that were made between the two individuals, and they are privileged as a result.

Can a patient recover damages from a wrongful disclosure?

The patient may be able to recover compensatory damages, including emotional suffering and damage to reputation resulting from the disclosure. In some states, courts will assume that the patient was damaged by a wrongful disclosure by a doctor (meaning that the patient will not have to actually prove damages).

Can a doctor disclose the date of an examination?

A doctor can disclose very basic facts about the examination without breaching the privilege. The doctor can indicate that the patient came in for an examination, the dates of treatment, and to whom the bill was tendered.

What is the importance of patient confidentiality?

What this case underscores about patient confidentiality is that there can be liability for a facility for its own duties to protect a patient’s medical information.

What did the letter to Doe from the president and CEO of the facility inform him of?

A letter was sent to Doe from the president and CEO of the facility informing Doe that an unauthorized disclosure of his confidential health information did occur, appropriate disciplinary action had been taken and steps put into place to prevent such a breach from happening in the future.

What did the nurse tell Doe about the STD?

While Doe was waiting for his treatment, the nurse texted her sister-in-law and told her Doe was being treated for the STD. The manner in which she texted this information led the sister-in-law to believe the staff was making fun of his diagnosis and treatment. The sister-in-law immediately forwarded the messages to Doe.

Why is it so difficult to track the scope of trafficking?

It is difficult to track the scope of trafficking because of the underground or hidden nature of activities. Most victims in the U.S. are unwilling participants in the sex trade.

Is a medical facility responsible for safekeeping patient information?

The court opined that a medical facility’s duty of safekeeping a patient’s confidential medical information is “limited to those risks that are reasonably foreseeable and to actions within the scope of employment.” Because the nurse’s misconduct did not meet these requirements, the facility cannot be held liable in this case or any other case in ...

Did Doe sue the nurse?

Apparently Doe did not name the nurse in his lawsuit but elected to sue only the facilities that either owned or provided staff and other support to the facility. Perhaps Doe thought this was how he could obtain the largest amount of a monetary award. If so, the decision was unwise at best.


HIPAA Protects Patient Privacy

  • The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a law that was passed under President Clinton that is designed to protect patient confidentiality. It was written at a time when many medical offices were beginning to make patient records electronic, which raised a lot of concerns for security. The law also addressed the ability of patients to transfer he…
See more on standardsofcare.org

Patient Rights and Breaches of Confidentiality

  • According to HIPAA, medical professionals and other workers in healthcare and medical records are responsible for protecting and maintaining patient information, both to ensure that patients get continuity in coverage and care and also to protect patient privacy. Patients have certain rights under HIPAA, and it is important that they understand these rights. When they are violate…

When HIPAA Violations Are Malpractice

  • As with any type of medical malpractice, proving that it has occurred requires several steps. Regardless of the accusations made by the patient and their legal team, it must be proven that the person being accused had a duty to provide care to the patient. It must then be shown that there was a breach in that duty, in this case a breach in confiden...

Consequences of Breaches in Confidentiality

  • Protecting individuals is an important reason to maintain privacy, but there is also a bigger picture. Maintaining confidentiality helps to establish trusting relationships between doctors and patients, and this is essential for patients to get the best care. If a patient does not trust medical professionals, he or she may not share all important information or take needed advice. Other c…

Examples of Privacy Lawsuits

  • The consequences of a breach in patient confidentiality can be very serious, often causing mental and emotional anguish more than physical harm. In one case a child suffered both as a result of a medical professional breaching his privacy. The eleven-year-old boy had attempted suicide and his mother sued the hospital where he received care, alleging that a staff member shared inform…