Is it a HIPAA violation for an MD or office staff member to leave a patient chart in the room with a patient and walk out of the room during an office visit? Is it a violation if the patient reads the chart or if the patient uses their phone to photograph and text parts of the chart to someone? What would be the possible ramifications?
Nancy Brent replies:
The Privacy Rule of the Health Insurance Portability and Accountability Act protects the privacy of personally identifiable health information from being released without a patient’s consent, except in limited circumstances. Remember, though, that patient information in the patient chart is the patient’s. There would be no violation of HIPAA for a person to read from the chart health information about himself or herself
If the patient chooses to copy and send information in his or her chart to someone else, again there is no violation of HIPAA because it is the patient who is releasing the information about himself or herself to another. Why a patient would elect to obtain his or her own personal information and send it to another in the manner you describe is strange, but there is no HIPAA violation.
The office in which this took place may have a policy that patients do not see his or her health record. This, again, is a strange policy indeed and inconsistent with the right of an individual to obtain a copy of his or her own health records. A violation of such a policy is the only ramification apparent in the scenario in your question.
You need to learn more about HIPAA and its protections. There are a vast amount of resources available to you, including articles in nursing journals and on the Web. A good resource to begin with is www.HHS.gov. When you get to the home page of the Department of Health and Human Services, click on the Health Information Privacy tab. On the left of the screen are many choices for additional information, including the link “Understanding HIPAA Privacy”.