Problem solve Get help with specific problems with your technologies, process and projects.

Is a lack of employee privacy a HIPAA violation?

Insufficient employee privacy for those who handle Medicare and Medicaid claims can result in a HIPAA violation. Learn how to keep this data safe and keep your organization compliant.

I file all Medicare and Medicaid claims that come into our company. There are other desks around mine with little privacy -- customers can even walk up to my desk. I am expected to talk to patients about their Medicare claims in front of others. Isn't this a major violation of HIPAA? Should I be more concerned about this now that organizations are being fined for HIPAA violations?

Whether this is a HIPAA violation will depend heavily on who is sitting near you and what their job roles are. Ideally, your coworkers are also dealing with HIPAA or other compliance related data, so they also are trained in how to handle protected data.

Assuming they are not trained, this situation is certainly a HIPAA violation in the making, if it isn't one already. Lack of private space means the potential for accidently leaking someone's personal health information (PHI) is much higher. Even when walking away from your desk for a few minutes, you now have to lock up any paper files and ensure that the screen saver has locked your monitor as well.

Since it's impossible to purchase a "Get Smart" cone of silence, there are a couple of other options. For starters, see if you can arrange to get a private office with locking file cabinets. If that's not realistic, hopefully there is a conference room or other useable private space to use for meetings with customers.

Regardless of the final solution, this is a prime opportunity to discuss your concerns with management. While they are doubtlessly aware of the existence of HIPAA, they may not be aware of the full extent of the regulation or that protected data is necessary for your day-to-day duties. Even in an organization that has a strong compliance program, it is not unreasonable to assume that management may be unaware of the logistical issues involved with the physical handling of data. Regardless, make managers aware of the situation so they can make the appropriate risk assessment and take appropriate actions.

More information:

This was last published in December 2008

Dig Deeper on HIPAA

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.