Uploaded by Cloud zeeshan

Healthcare Compliance Case Study: Privacy Breach Scenario

advertisement
Compliance Management Scenario
Anika is the manager of a five-physician practice affiliated with a large healthcare system.
She oversees a dozen nurses, the front office staff, a two-person health information
management (HIM) department, and several technicians. As a mid-level manager, she
reports to the healthcare system’s administration.
One morning Anika is stopped abruptly in the hallway by one of her nurses who is with a
patient. The nurse says he has received an irate telephone message from a patient’s
daughter-in-law and is passing the information on to Anika for her to follow up. “That’s your
job to handle,” the nurse exclaims, while accompanying the patient into a room.
Anika phones the daughter-in-law, Mrs. Stevens, to ask how she can be of service. Mrs.
Stevens, speaking loudly and excitedly, explains that her husband and the rest of the family
had no idea that her father-in-law is being seen for cancer treatment. She is upset that no
one told the family and is requesting more information about her father-in-law’s diagnosis,
treatment, and anticipated outcomes.
Anika tells Mrs. Stevens that she needs to visit with her father-in-law’s physician for any
information. Mrs. Stevens replies that her father-in-law had told his son and family that he
was being treated for back pain and was improving. Her father-in-law lives alone, about a
half hour from his son and family, and they usually visit weekly.
Anika then asks why Mrs. Stevens is asking about the cancer treatment if she believed that
her father-in-law was being treated for back pain. Mrs. Stevens replies that someone from
the clinic called yesterday and left a voicemail on their phone, reminding her father-in-law
about his appointment for chemotherapy the next day.
Mr. Stevens, the patient’s son, had listened to the voicemail when he returned home from
work and Mrs. Stevens arrived home to find her husband distraught, having just had an
angry discussion with his father. Mrs. Stevens reported that although the family was very
upset by the call, they were glad to know the truth about his condition. Her husband,
however, was angry because he felt blindsided and unprepared for the information. Mrs.
Stevens asks why the clinic left a message on their phone and not her father-in-law’s.
Anika calmly states that Mrs. Stevens needs to speak directly with her father-in-law about
any information related to his medical condition. Anika promises that she will investigate the
incident and call Mrs. Stevens back with any further information as to how this could have
happened. Anika apologizes repeatedly and the call ends amicably.
Anika goes to the clinic’s front desk, which is very busy with phones ringing and patients
waiting. Since it is not a good time to speak with the front desk staff, she decides to check
the patient management system to see who made the phone calls for appointment
reminders the day before. She sees it was Denise and leaves a note on Denise’s desk to
request she come see Anika in her office when the front desk is clear.
Anika then uses the electronic record system to open Mr. Steven’s medical record and
gather more information. She sees that he has just started treatment for prostate cancer
and there is nothing in the physician dictation indicating that Mr. Stevens wants his medical
condition kept confidential from his family. She also notices that there are three current
clinic patients with the name Joseph Stevens.
About half an hour later, Denise comes to Anika’s door. Anika closes the door and questions
Denise about the call. “Yes, I called the number listed in the scheduling system,” Denise
says. Denise watches as Anika opens the patient management system and sees the name
Joseph Stevens listed on the chemotherapy schedule for today. She also sees Denise’s
name in the system, indicating that she had phoned Mr. Stevens yesterday with an
appointment reminder. Anika jots down the phone number and goes back into Mr. Steven’s
electronic health record.
Anika finds that the phone number in the patient health record does not match the number
listed in Mr. Steven’s file in the patient management system. Denise looks worried. “It’s not
my fault,” she says. “I called the number listed by his name in the scheduling system.”
Anika decides to dig a little deeper. Denise has been at the clinic for ten years and is not
prone to mistakes like this.
Anika finds that Joseph C. Stevens, the patient’s son, is also a patient at the clinic. Anika
compares the addresses and phone numbers for both men in the electronic record system
and finds that they are different. However, the son’s phone number is listed under his
father’s name in the patient management system.
Anika directs Denise to return to the front desk and to input the correct number
immediately for the father-in law, Mr. Stevens, and to look through all other records for him
in the patient management system to determine if there are any other inaccuracies. They
then discuss the importance of leaving only minimal information on a voicemail. Denise
should not have left any information pertaining to the patient’s treatment and should only
have stated the appointment time and date. Anika tells Denise that she will need to
document this mistake in Denise’s employment documents. “I’m not officially writing you up
for this,” Anika says, “but I am noting it in my own personnel files here in my office. You
should know better.” Denise seems a bit upset as she leaves.
Anika’s phone rings. It is one of her nurses asking her to come to the check-in area right
away. The father-in law, Mr. Stevens, is there for his treatment and is very upset. He wants
to speak to the clinic manager. As Anika is speaking to the nurse on the phone, she can
hear Mr. Stevens complaining in the background.
“My privacy rights have been broken by this clinic,” he says. “I’m going to be calling my
lawyer about this. I didn’t want my family to know about my cancer and now they are all
blubbering about it as if I am going to die. This is exactly what I didn’t want! I thought I had
rights!”
Anika tells the nurse to inform Mr. Stevens that she is coming to see him immediately.
Anika hangs up the phone with the nurse and walks down the hall towards the check-in
area. She makes a mental note of the paperwork that she needs to submit, including an
incident report, and who she needs to notify of the breach in patient confidentiality. Anika
will see if she can calm down Mr. Stevens by explaining what happened. Then she will begin
her phone calls and documentation. Finally, she will contact the healthcare system’s
compliance officer to discuss her findings and seek further advice.
Download