Is a lack of employee privacy a HIPAA violation?

Whether this is a HIPAA violation will depend heavily on who is sitting near you and what their job roles are. Ideally, your coworkers are also dealing with HIPAA or other compliance related data, so they also are trained in how to handle protected data.

Assuming they are not trained, this situation is certainly a HIPAA violation in the making, if it isn't one already. Lack of private space means the potential for accidently leaking someone's personal health information (PHI) is much higher. Even when walking away from your desk for a few minutes, you now have to lock up any paper files and ensure that the screen saver has locked your monitor as well.

Since it's impossible to purchase a "Get Smart" cone of silence, there are a couple of other options. For starters, see if you can arrange to get a private office with locking file cabinets. If that's not realistic, hopefully there is a conference room or other useable private space to use for meetings with customers.

Regardless of the final solution, this is a prime opportunity to discuss your concerns with management. While they are doubtlessly aware of the existence of HIPAA, they may not be aware of the full extent of the regulation or that protected data is necessary for your day-to-day duties. Even in an organization that has a strong compliance program, it is not unreasonable to assume that management may be unaware of the logistical issues involved with the physical handling of data. Regardless, make managers aware of the situation so they can make the appropriate risk assessment and take appropriate actions.

More information:

• What's the best strategy to catch up with HIPAA compliance quickly? Read more.
• Is it against HIPAA regulations to permanently store sensitive data? Find out in this expert response.