I was let go from my job recently and was escorted out of he building without being able to have documents shredded and such. I took nothing home, and I am to pick up my belongings soon.
I would answer calls for various individuals, and there are a couple scratch sheets that briefly detail the purpose of their inquiry, which I need shredded. This notebook is always closed, I never take it home. I want all the pages shredded before i am given my notebook back.
Should I worry about my employer reporting me for hipaa violation for having a notebook with phone numbers, names, and one or two brief explanations for callback issues? I have never taken this information home, but I do not trust my previous employer to not report me.
“Should I worry about my employer reporting me for hipaa violation for having a notebook with phone numbers, names, and one or two brief explanations for callback issues?”
How the hell should we know? You haven’t bothered to give us relevant info.
Why would these notes involve a HIPAA violation? Care to explain?!
You’re asking a question wanting a specific answer and providing almost zero useful contextual information. Unless you are at war or in litigation with your ex employer for them to pursue HIPAA violations based on some paper notes you took re patient care is (IMO) kind of unlikely. If you were writing down private info for uses that obviously had nothing to do with patient care, say some “hot or not” list of patients in your care or similar nonsense with their info listed then you might have some worries.
Call HR, explain, ans ask them to be sure the notes are destroyed. If the notes were at your desk and you weren’t given any time to manage them, I would highly doubt that constitutes a HIPAA violation. However, I’d think you still have an obligation to alert someone who can secure them.
IANA lawyer or anything, but I’d think that merely having a list of names, numbers and comments isn’t necessarily a HIPAA violation, unless there was something specifically health related
e.g. if it says “John Smith 4/28, 222-333-4444 Call back about dr. visit”, you’re cool. If the comment like was “Call back about erectile dysfunction diagnosis and viagra prescription”, then you’re theoretically on the hook.
But… my guess is that unless someone’s suing your former employer about HIPAA violations that involve you and your notebook, you’re probably good. That’s the kind of thing that gets one fired, but not necessarily in any hotter water than that, unless there’s already a suit about it.
I know a guy who literally fucked up a join on a database table and sent a bunch of individual health metric stuff and identifiable info to the wrong people outside the company. He got let go, but he didn’t end up in any hotter water than that, because no one sued.
Sorry I was not descriptive enough. I worked in a call center having to do with third party admins and basic medical issues
I had a few callback numbers and one or two key points on customer complaints, one did have a brief overview about a personal doctors visit and I did have a couple of details on there for the sake of an issue to have a supervisor take care of.
I was not let go for a hipaa violation. Something completely unrelated
There are mainly phone numbers and one brief overview about an appointment that went wrong, some details on a service rendered that I could pass on to management to take care of.
No social security numbers.
Just one or two notes saying something like “this person had issues with procedure coverage, here’s the procedure why is it not covered?”
And maybe one or two new addresses to change the system with
Thank you. That is what I was thinking. I just do not trust my old boss as he was very flippant and easy to find something to get you in trouble over. The reason I was let go was very minor.
I will call them today and ask how they would like to proceed
As a general rule, only a covered entity can violate HIPAA. Unless you are a physician, you are not a covered entity; the responsibility for compliance rests with your former employer.
I am not your lawyer, this is not legal advice, blah blah blah.
I would say that it’s extremely unlikely that you would get into trouble with the feds.
It’s reasonable for a call center employee to need to take notes for callbacks; you did so in a covered notebook, which you shredded unneeded pages from every night. You kept the cover closed when it wasn’t in use. If you were not given a chance to shred the documents after the meeting letting you go, that’s not your fault. I agree with the suggestion that you call HR and give them a heads-up.
Besides that, no employer would want to open themselves up to scrutiny for you (an employee) possibly breaking HIPAA rules anyway. That could lead to “the HIPAA police” looking at the employer’s training, policies and procedures, and all kinds of pain in the ass.
ETA: and what **Really Not All That Bright **said.
Anybody can sue anybody for any reason; whether or not they win depends on the viability OF their claim.
A manager/employer would gather unfavorable information on an employee to justify letting that employee go; they’ve already DONE that, so there’d be no reason to continue gathering information on you and/or sue you.
If, for some odd reason, you WERE sued or “got in trouble”, it would be very easy to explain that in your position - and given the tools you were provided TO perform your job - notes on a pad would be standard operating procedure. If, as an employer they were that concerned about confidentiality, they should have provided you with ink that disappears after two minutes.
Based on what you’ve written, I’m not seeing anything that should cause you concern.
I very much appreciate your response. I did have a few sheets (6-7 small scratch sheets) that I did not have the opportunity to throw out for shredding.
My employer has confirmed that any secure information has been taken care of. I have it in writing. I know it is silly to assume they would try to find information to come after me, but treatment prior to my termination has made me lose trust in my employer and feel like a target,
Having info about patient health is NOT a violation of HIPAA, unless you broke some rule to obtain it. You said your was info for callback about issues? Why should your having notes about doing your job be a cause for concern?
I can’t see where anybody would have a problem with it. If you were bum’s rushed out of your job, I think that a prosecutor/lawyer/judge will understand.
This is completely contrary to what is covered in my company’s annual HIPAA training. An individual can be prosecuted for violating HIPAA, and all individuals who handle private health information are responsible for protecting it. Our company even issued us little signs to put on our desk instructing other not to leave PHI if we weren’t there to accept it in person.
belatedme, I see two factors:
whether your notebook contained PHI. From what you’ve said, maybe. A name, a phone number, and details of a procedure count as PHI.
where the notebook was exactly. If it was on your desk, out in the open, you’ve violated HIPAA. If it was in a desk drawer, probably not. If it was in a locked drawer, not at all.
Worst case scenario - the person who cleans out your desk reads through your notebook page by page to determine if there’s PHI in it, decides they hate your guts enough to report it, and the compliance person figures they are better off reporting it up the ladder even though it points out that your company didn’t provide you with locking drawers (mine doesn’t), train you better on PHI, or provide a way to dispose of PHI no-questions-asked.
No, not if the OP was removed from work without a chance to lock up and has now taken steps to protect the information. You don’t have to handle PHI in a locked room. You do need to safeguard it and secure it. A firing such as the OP describes, without the opportunity to secure it until afterward is on the employer, not the OP.