Recently, a National Labor Relations Board (NLRB) judge ruled that there were no grounds for the termination of an employee who was fired for accessing coworker information from the facility’s medical records system. The facility stated that the termination was for a HIPAA violation, and when I first read the headline I thought that the judge had lost his mind. It made no sense. This was clearly a HIPAA violation.
Upon further reading, however, I found that Rocky Mountain Eye Center was using Centricity for both their patient data and their employee data. It was common practice for employees to access each others’ data to get in touch over work-related issues. They also used it to get in touch for other reasons, such as scheduling a baby shower for one of the coworkers. To put the icing on the cake, employee information was not kept anywhere else in the facility.
The terminated employee was trying to help form a union and obtained the addresses of employees so that they would be able to be contacted. The judge basically said that, although there might be HIPAA issues because the employees’ data was kept in Centricity and employees were trained to access the data that way, it was a wrongful termination.
There are a whole host of issues here, including human resources issues, but if we look at this matter strictly in terms of how it relates to HIPAA, all I can say is “Don’t store your employee information with your patient data!”
We are taught that we should only look at the minimum amount of patient data necessary to perform our job. How would we know that an employee was a patient if all the data is comingled? If an employee becomes a patient, there are different protocols that have to be followed.
There are so many ways to store HR information that I personally can’t see why anyone would use their patient documentation system to do it. Can you?
No related posts.