Protecting the privacy of personal health information
In January of last year, a woman, who was in the midst of divorce proceedings, was admitted to the hospital for heart surgery. When admitted, she was very concerned because she knew that her estranged husband, a non-nurse, and his new girlfriend, a Registered Nurse (RN), were employees of the hospital where she was being treated. The patient informed the admitting staff, her nurses, and physicians that she did not want her estranged husband or his new girlfriend to know that she was a patient at the hospital nor to have access to her personal health information. As an added precaution, she was admitted to the hospital using her pre-marriage name.
After she was discharged from the hospital, the patient learned, through conversations with her estranged husband, that he was aware that she had been hospitalized and he was privy to the details of her treatment. The patient was upset by what she felt was a privacy intrusion. After thinking about the matter for a few days, the patient filed a formal complaint with the hospital alleging that there had been unauthorized access of her health records by her estranged husband and his girlfriend.
In response to the complaint, the hospital’s Chief Privacy Officer immediately flagged the woman’s electronic medical record and audited all access to the file. This meant that a report would be sent to the hospital’s Chief Privacy Officer each time the file was viewed and anyone accessing the file would be informed that the file was being closely monitored. The hospital also initiated an investigation which found that the estranged husband and his girlfriend had accessed this patient’s computerized hospital record 10 times and the access by both was unjustified. The estranged husband was not a nurse, and although his girlfriend was an RN, she was not a member of the patient’s health-care team and therefore did not have authorized access. Consequently, the estranged husband, who had been employed by the hospital for 21 years, received a 10-day suspension without pay. The RN (girlfriend), who had an unblemished 24-year career at the hospital, was suspended without pay for four weeks. Both employees were required to attend privacy classes and notified that their conduct would be monitored on an ongoing basis by their manager.
The Chief Privacy Officer informed the patient of the findings and the outcome of the hospital’s investigation. The patient has now retained a lawyer to advise her about her legal options relating to this situation.
The following links to infoLAWs will help you to answer the quiz: Confidentiality of Health Information, Legal Risks in Nursing, Privacy. The Code of Ethics for Registered Nurses will also be of assistance.
 Names, characters and locations in this article are fictitious. Any resemblance to actual persons, living or dead, or actual events is purely coincidental.
THIS PUBLICATION IS FOR INFORMATION PURPOSES ONLY. NOTHING IN THIS PUBLICATION SHOULD BE CONSTRUED AS LEGAL ADVICE FROM ANY LAWYER, CONTRIBUTOR OR THE CNPS. READERS SHOULD CONSULT LEGAL COUNSEL FOR SPECIFIC ADVICE.