Marilyn is a beloved coworker in a hospital who has taken medical leave. Bernell, a good friend at work, checks her chart and notices she’s leave for severe depression. Bernell suggests coworkers send Marilyn flowers to cheer her up.
How would this HIPAA violation be categorized?
Unintentional and acceptable
Obtaining protected health information under false pretenses
Intentional but acceptable
Unintentional and unavoidable
Obtaining protected health information with malicious intent
The Correct Answer and Explanation is :
The correct answer is “Obtaining protected health information under false pretenses.”
Explanation:
Under the Health Insurance Portability and Accountability Act (HIPAA), healthcare providers and their employees must maintain patient confidentiality. Protected Health Information (PHI) includes any information related to a patient’s health status, medical treatment, or payment for care that is identifiable to the patient. This information is private and cannot be shared without the patient’s consent, except in specific circumstances.
In the scenario provided, Bernell is checking Marilyn’s chart without her permission. Although Bernell is a good friend and may have good intentions, accessing Marilyn’s health information to learn about her medical leave status and condition (severe depression) constitutes a breach of HIPAA regulations. Bernell’s action of looking at the chart is an example of obtaining PHI under false pretenses because the information was accessed for reasons unrelated to patient care or business operations.
While Bernell may have been motivated by concern for Marilyn’s well-being, accessing a colleague’s medical information outside of authorized purposes is a violation. The intent does not matter in this case—regardless of Bernell’s desire to help, the action is still prohibited.
This specific violation is categorized as “Obtaining protected health information under false pretenses” because Bernell did not have permission or a legitimate work-related reason to view Marilyn’s medical details. Although Bernell did not intentionally seek to cause harm, the act of accessing PHI without permission still breaches confidentiality.
HIPAA violations of this nature are typically considered serious, as they undermine trust in the healthcare system and the protections in place to maintain patient privacy. Therefore, such actions must be addressed promptly to avoid further violations and ensure compliance with HIPAA guidelines.