{"id":13100,"date":"2020-12-01T17:41:27","date_gmt":"2020-12-01T22:41:27","guid":{"rendered":"http:\/\/blogs.cooperhealth.org\/weeklyrounds\/?p=13100"},"modified":"2020-12-01T17:44:49","modified_gmt":"2020-12-01T22:44:49","slug":"covid-privacy-and-hipaa-violations","status":"publish","type":"post","link":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/","title":{"rendered":"COVID, Privacy, and HIPAA Violations"},"content":{"rendered":"<p>The Cooper Privacy Department monitors access to patient medical records. With COVID numbers rising across the country, we are all concerned about ourselves and our family members. Recently, we have seen a significant surge in HIPAA violations where employees are accessing a family member\u2019s medical record to review COVID test results without the family member\u2019s written permission.<\/p>\n<p>We would like to take this opportunity to remind you that, as Cooper employees, we all have the responsibility to protect the privacy of patient information. You have access to information you need to perform your job and provide care to your patients. In general, this means that you may, without the patient\u2019s permission:<\/p>\n<ul>\n<li>Discuss the patient\u2019s care with other providers within and outside Cooper, e.g., a Cooper physician discussing a hospital stay with the patient\u2019s primary care physician.<\/li>\n<li>Discuss the patient\u2019s care with the patient\u2019s care designee.<\/li>\n<li>Provide a copy of the patient\u2019s medical record to a patient\u2019s specialist, nursing home, rehab center, etc.<\/li>\n<\/ul>\n<p>Actions such as those above are defined under HIPAA as \u201cpurposes of treatment.\u201d \u201cPurposes of treatment\u201d means activities that you perform as part of your job at Cooper. <strong>UNLESS you are accessing the patient\u2019s medical record as part of your Cooper job responsibilities to treat the patient, you are NOT accessing the records for purposes of treatment.<\/strong><\/p>\n<p>A HIPAA violation occurs when an employee accesses the medical record of any individual (including a family member) who is not related to the performance of the employee\u2019s job responsibilities (payment, treatment, or operations) <strong>unless <\/strong>Cooper has a signed written authorization from the patient authorizing the employee to access their medical record.<\/p>\n<p>The following outline summarizes conduct consistent with Cooper policy and HIPAA requirements (acceptable) versus conduct that is not (unacceptable) when accessing the medical record of a family member living within the confines of your home. It also outlines the disciplinary process that will follow unacceptable conduct. This policy will apply to all employees including physicians:<\/p>\n<ul>\n<li>Accessing your own medical record \u2013 <strong>Acceptable<\/strong> to access your own medical record for view and print only. You may not make changes to your medical record. (Cooper prefers that in lieu of accessing your own medical record, you set up a myCooper account, which you can accomplish in any Cooper office.)<\/li>\n<li>Accessing the medical record of an adult family member living within the confines of your home <strong>with<\/strong> a signed written authorization. The authorization must be signed prior to the access, scanned into the patient\u2019s medical record and is good for one (1) year \u2013 <strong>Acceptable <\/strong>to access the medical record, assuming there is no malicious intent. (Cooper prefers that, in lieu of accessing the patient\u2019s medical record directly, you set up a proxy access in myCooper, which can be accomplished by contacting the patient\u2019s PCP office.)<\/li>\n<li>Accessing the medical record of an adult family member living within the confines of your home outside of payment, treatment, or operations <strong>without <\/strong>a signed written authorization \u2013 <strong>Unacceptable <\/strong>to access the medical record.\n<ul>\n<li>First Offense \u2013 Written warning and re-education, assuming there is no malicious intent.<\/li>\n<li>Second Offense \u2013 Termination.<\/li>\n<\/ul>\n<\/li>\n<li>Access the medical record of your custodial minor family member <u>under the age of 12<\/u> \u2013 <strong>Acceptable<\/strong> to access the medical record, assuming there is no malicious intent.<\/li>\n<li>Accessing the medical record of you custodial minor family member outside of payment, treatment, or operations from <u>12 years old to 18 years old<\/u> \u2013 <strong><a href=\"#_ftn1\">[1]<\/a><\/strong>\n<ul>\n<li>First Offense \u2013 Written warning and re-education, assuming there is no malicious intent.<\/li>\n<li>Second Offense \u2013 Termination.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>The following outline summarizes conduct consistent with Cooper policy and HIPAA requirements (acceptable) versus conduct that is not (unacceptable) when accessing patient medical records. It also outlines the disciplinary process that will follow unacceptable conduct. This policy will apply to all employees including physicians:<\/p>\n<ul>\n<li>Access the medical record of all <strong>adult<\/strong> individuals <strong>with<\/strong> a signed written authorization. The authorization must be signed prior to the access, scanned into the patient\u2019s Epic medical record and is good for one (1) year \u2013 <strong>Acceptable<\/strong> to access the medical records, assuming there is no malicious intent. (Cooper prefers that you set up proxy access in myCooper in lieu of accessing the patient record directly.)<\/li>\n<li>Access the medical record of all <strong>adult <\/strong>individuals outside of payment, treatment, and operations <strong>without<\/strong> a signed written authorization \u2013 <strong>Unacceptable <\/strong>to access the medical record.\n<ul>\n<li>First Offense \u2013 Termination.<\/li>\n<\/ul>\n<\/li>\n<li>Access the medical record of all other minor individuals outside of payment, treatment, or operations \u2013 <strong>Unacceptable<\/strong> to access the medical record.\n<ul>\n<li>First Offense \u2013 Termination.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Cooper reserves the right to vary the discipline outline above based on the existence of mitigating or aggravating circumstances.<\/p>\n<p>These requirements and limits apply to all Cooper personnel and medical staff members. If you have questions, please call Cooper\u2019s Privacy Officer, Phil Curran, at 856.361.1967 or email privacyofficer@cooperhealth.edu.<\/p>\n<p><a href=\"#_ftnref1\">[1]<\/a> Under NJ law, minors are treated as adults for purposes of consent to treatment in certain areas, including pregnancy, venereal disease, HIV, drug and alcohol dependency, and in treatment in connection with a sexual assault. Since Epic does not provide a mechanism to limit access to these protected areas, the expectation is that the employee will communicate with HIM to obtain the medical record so HIM will have the opportunity to redact any information protected by the statutory prerogatives for minor\u2019s consent to care.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Cooper Privacy Department monitors access to patient medical records. With COVID numbers rising across the country, we are all concerned about ourselves and our family members. Recently, we have seen a significant surge in HIPAA violations where employees are accessing a family member\u2019s medical record to review COVID test results without the family member\u2019s &#8230; <span class=\"more\"><a class=\"more-link\" href=\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/\">[Read more&#8230;]<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[5559,1,5553],"tags":[],"class_list":{"0":"entry","1":"post","2":"publish","3":"author-ddevenney","4":"post-13100","6":"format-standard","7":"category-announcements","8":"category-uncategorized","9":"category-tips-information"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>COVID, Privacy, and HIPAA Violations - Weekly Rounds<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"COVID, Privacy, and HIPAA Violations - Weekly Rounds\" \/>\n<meta property=\"og:description\" content=\"The Cooper Privacy Department monitors access to patient medical records. With COVID numbers rising across the country, we are all concerned about ourselves and our family members. Recently, we have seen a significant surge in HIPAA violations where employees are accessing a family member\u2019s medical record to review COVID test results without the family member\u2019s ... [Read more...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/\" \/>\n<meta property=\"og:site_name\" content=\"Weekly Rounds\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-01T22:41:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-01T22:44:49+00:00\" \/>\n<meta name=\"author\" content=\"ddevenney\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ddevenney\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/\",\"url\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/\",\"name\":\"COVID, Privacy, and HIPAA Violations - Weekly Rounds\",\"isPartOf\":{\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#website\"},\"datePublished\":\"2020-12-01T22:41:27+00:00\",\"dateModified\":\"2020-12-01T22:44:49+00:00\",\"author\":{\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/fb4dea96c34aae30281f6ebcebaf8684\"},\"breadcrumb\":{\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"COVID, Privacy, and HIPAA Violations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#website\",\"url\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/\",\"name\":\"Weekly Rounds\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/fb4dea96c34aae30281f6ebcebaf8684\",\"name\":\"ddevenney\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d600b9e0fdf91f48ebb3096e79500e825d83feed1ef49bff9edb03de1189e1a8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d600b9e0fdf91f48ebb3096e79500e825d83feed1ef49bff9edb03de1189e1a8?s=96&d=mm&r=g\",\"caption\":\"ddevenney\"},\"url\":\"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/author\/ddevenney\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"COVID, Privacy, and HIPAA Violations - Weekly Rounds","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"COVID, Privacy, and HIPAA Violations - Weekly Rounds","og_description":"The Cooper Privacy Department monitors access to patient medical records. With COVID numbers rising across the country, we are all concerned about ourselves and our family members. Recently, we have seen a significant surge in HIPAA violations where employees are accessing a family member\u2019s medical record to review COVID test results without the family member\u2019s ... [Read more...]","og_url":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/","og_site_name":"Weekly Rounds","article_published_time":"2020-12-01T22:41:27+00:00","article_modified_time":"2020-12-01T22:44:49+00:00","author":"ddevenney","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ddevenney","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/","url":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/","name":"COVID, Privacy, and HIPAA Violations - Weekly Rounds","isPartOf":{"@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#website"},"datePublished":"2020-12-01T22:41:27+00:00","dateModified":"2020-12-01T22:44:49+00:00","author":{"@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/fb4dea96c34aae30281f6ebcebaf8684"},"breadcrumb":{"@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/2020\/12\/covid-privacy-and-hipaa-violations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/"},{"@type":"ListItem","position":2,"name":"COVID, Privacy, and HIPAA Violations"}]},{"@type":"WebSite","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#website","url":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/","name":"Weekly Rounds","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/fb4dea96c34aae30281f6ebcebaf8684","name":"ddevenney","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d600b9e0fdf91f48ebb3096e79500e825d83feed1ef49bff9edb03de1189e1a8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d600b9e0fdf91f48ebb3096e79500e825d83feed1ef49bff9edb03de1189e1a8?s=96&d=mm&r=g","caption":"ddevenney"},"url":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/author\/ddevenney\/"}]}},"_links":{"self":[{"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/posts\/13100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/comments?post=13100"}],"version-history":[{"count":1,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/posts\/13100\/revisions"}],"predecessor-version":[{"id":13101,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/posts\/13100\/revisions\/13101"}],"wp:attachment":[{"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/media?parent=13100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/categories?post=13100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.cooperhealth.org\/weeklyrounds\/wp-json\/wp\/v2\/tags?post=13100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}