
	Home > Ask the Security Experts > Security Management Questions & Answers > As the nursing QI, do I have the right to patient information under HIPAA?

Ask The Security Expert: Questions & Answers

EMAIL THIS

As the nursing QI, do I have the right to patient information under HIPAA?

EXPERT RESPONSE FROM: Mike Rothman

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 07 July 2008
I work as the Nursing Quality Improvement Coordinator for a hospital. Our HIPAA coordinator has told me that I have no right to access patient files. As the Nursing QI, I do investigate incident reports, and of course we collect data for compliance with CMS control monitoring. Do I have the right to patient information as a QI person?

EXPERT RESPONSE
There is no simple answer to that question. HIPAA is pretty nebulous about who should access specific types of data, so that really puts the decision in the hands of whichever auditor shows up to evaluate the controls and processes that protect patient data.

This question is essentially about right and wrong. Unless there is a clear need for a QI to access patient information, then he or she shouldn't. Period. If the QI is conducting an investigation, driven by either an incident or as part of a process improvement initiative, then it might be acceptable. However, the patient should be notified ahead of time, and give his or her permission to proceed.

Yes, that's a hassle. And yes, it's possible to structure the HIPAA notification to allow access to the patient's data under certain circumstances. But that doesn't make it ethically right. The question is: What's best for the patient? Would he or she want a QI rummaging through his or her data? Probably not.

More information:

Does an off-site employee exit interview violate HIPAA guidelines?
Collecting consumer social security numbers: Is it HIPAA compliant? Read more.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Security Management
	What is the GISP certification and how does it compare to the CISSP certification?
	Would QSAs normally write up a PCI DSS report on compliance (ROC) and submit it to all issuing card brands?
	How can gap analysis be applied to the security system development life cycle?
	When should an enterprise consider low-cost security appliances vs. a bigger do-everything appliance?
	What are some tips on protecting my security budget in a tight economy?
	What value do research firms provide to enterprises that subscribe to their services?
	What certificate offers the best ROI for an IT project manager?
	Which is the biggest threat to data: Insider activity or outsider activity?
	What role does information security play in enterprise fraud-prevention activities?
	What is the difference between an SAS 70 data center and a Tier III data center?

HIPAA

Consensus Controls project aims to set benchmarks for compliance

HIPAA privacy regulations get some teeth: Be prepared

Security visualization helps make log files work

Organization develops health care security framework

Walter Reed admits breach of patient information

Companies still monitoring email manually, survey finds

The road to compliance

Hannaford breach illustrates dangerous compliance mentality

Is it against HIPAA regulations to permanently store sensitive information?

Is it against HIPAA regulations to print a patient's Social Security number (SSN) on an insurance card?

HIPAA Research

Information Security Laws, Investigations and Ethics

Anti-cybercrime legislation sent to president

DHS should lose cybersecurity authority, experts say

Google amends log retention rules, privacy advocates respond

Security Certifications' Ethics Programs Merely Window-Dressing

MIT case shows folly of suing security researchers

What vendors would you recommend for software write-blockers?

TJX hacking ring charged in federal indictment

IBM X-Force report critical of independent security researchers

Valuable lesson emerges from DNS flaw handling

Learn from NIST: Best practices in security program management

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

CALEA (SearchSecurity.com)

cyberstalking (SearchSecurity.com)

cypherpunk (SearchSecurity.com)

HSPD-7 (SearchSecurity.com)

I-SPY Act (SearchSecurity.com)

Information Awareness Office (SearchSecurity.com)

intelligence community (SearchSecurity.com)

lawful interception (SearchSecurity.com)

lifestyle polygraph (SearchSecurity.com)

vulnerability disclosure (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy