Hello,
I am trying to get some guidance on HIPPA law in the USA.
First, is there a better place to post about this topic?
If not, would anyone know of a good place with as detailed examples of possible HIPPA violations as possible?
Or, specifically, would anyone know if the following would be a HIPPA violation, and if so, what type?:
An employee at a supposedly HIPPA protected facility bringing their adolescent or early teen kid to the facility, and the kid both having access to records as well as performing staff duties with patients/clients.
Also, would anyone happen to know if there is any type of HIPPA violation ‘exemption’ a facility/individual could have available to them in a situation like this?
I believe a violation is occurring, but am not sure how to clarify specifically or if some exemption exists which allows this to occur.
Thank you for taking the time to read my post.
Any direction or guidance you may be able to provide is greatly appreciated.
deleted by creator
I’m sorry. I definitely meant HIPAA. My bad.
Thank you very much for the correction and link.
Going off another comment, I guess I still need to get some clarification regarding details and possible exemptions, or how to check on their eligibility for exemption. (In the very least, possibly having <50 employees I guess.)
If the kid is not an employee it’s a huge violation, they shouldn’t even be allowed to use a computer that has access to health care data.
If they are an employee, they are only allowed to access the files they need to do their job (for example, it’s technically a violation to look up your own files, having access and the files being about yourself is still a violation if it’s not required to do your job).
There is no such thing as an exception (unless under 50 employees), everyone has to be HIPPA compliant if they are working with healthcare data.
Most company’s have a compliancy hotline you can submit a tip too, but if you don’t trust the company you can always submit the tip to the official HIPPA hotline.
Website with more info: https://www.cdc.gov/phlp/php/resources/health-insurance-portability-and-accountability-act-of-1996-hipaa.html
Thank you very much for commenting.
Well, I’ve seen the kid sitting at a computer as well as looking at paper records with names clearly visible. And, while I was there cleaning, I’ve seen him go through and do ‘wake up calls’ to wake the people staying there.
Though, the 50 employees detail makes me question a bit now.
It’s a ‘behavioral’ shelter facility which provides short stays (minimum 90 days) for unhoused or substance treatment clients (they don’t provide the substance treatment here, only the temporary housing and “case management” to help find housing), or individuals moved out of inpatient hospital stays who need a place to stay.
They are run by a larger religious organization in the area, which has 3 or 4 other locations in town. I’ve seen on their website that they have regional offices elsewhere in the state, so, it’s possible they have at least 50 employees across all those regions. Though, I can’t be entirely sure of that, and not sure how to check on it.
Thanks again for the help so far!