HIPAA violations are finally starting to be punished

AP reported this morning that CVS is settling patient information investigation with HHS and FTC to the tune of $2.25M. Here’s the gist of it:

Employees at CVS pharmacies left the labels and other items in open trash bins outside stores, according to the Federal Trade Commission and the Department of Health and Human Services. The company also did not have adequate policies for disposing of that information, and did not sufficiently train employees to dispose of the information properly, the agencies say.

The items that were not properly discarded included pill bottles, medication instruction sheets, computer order forms, payroll information, job applications and credit card and insurance information. Those labels and forms contained personal information including Social Security numbers and credit card and insurance information, and in some cases, driver’s license numbers and account numbers. Names of the patients’ doctors were also included.

CVS said it is not aware of any consumers being harmed and has not acknowledged any wrongdoing but settled the investigation "to avoid the time and expense of further legal proceedings."

HIPAA has always been touted as a mechanism to ensure patient privacy and while it’s been a good first step, HIPAA just doesn’t have enough enforcement action capability or monitoring systems in place to make a substantial difference.

What CVS is being fined for is not unique and certainly not going to go away anytime soon. As long as the healthcare system lives on paper and we have to use untraceable faxes, mail, copies, and other manual means of transmitting patient information these kinds of HIPAA violations will continue to occur. I for one am glad to see that some enforcement is happening but it’s not enough to actual stem the tide of patient information disclosure violations.

Newsletter Sign Up

164 thoughts on “HIPAA violations are finally starting to be punished

  1. I have a question about HIPPA and violations.

    I work for a group of doctors. If I receive payment for a patient and we’re unable to identify the patient as the eob doesn’t have our patient account number or our physicians names on the eob. Can I call the insurance company to get the information I need to identify the patient with our account number?

    Example: Recently I received a copy of a check along with the eob. The eob information contained the patient name, her policy number, her date of birth, date of service and what services were rendered and the total payment.

    However it did NOT include our acct # or our physician name. When I called to get ONLY our patient acct# or physician name which would of been on the bill anyway. I was told this was a HIPPA violation and I need to fax in everything and wait until I receive a response.

    Can you clarify if this truly is a violation? How is it a violation if all I need is our acct#, I don’t need anything else but to identify which doctor gets paid?

  2. My husband went to the hospital with an emergency situation. We do not have health insurance. We were asked by the hospital to give them a financial statement, which we did. A nurse hovered over me until I had it completed and signed “for the financial department.” The financial information was placed in front of my husband’s chart for every one to see and there it remained for at least three days. The nurses kept commenting that we didn’t have insurance and one even remarked that if we could afford a house, we should be able to pay. Finally a case worker came to discuss payment, and she left the financial statement in the chart. The next day my husband was discharged and our finances were still in the chart, and the next case worker seemed to think that it was fine to discuss payment arrangements in front of other patients. I find this to be an outrageous infringement upon our privacy. Is this a violation of HIPAA or other acts? Why do nurses and doctors need access to social security numbers, checking account numbers, and other financial information to treat a patient?

  3. a nurse accessed a patient’s record for information to fill out paperwork record post code. the patient happened to be a physician. Nurse is now being accused of HIPPA violation. Is it?

  4. It was not financial data that was accessed. It was the admitting diagnosis in the history and physical. Apparrently IS is tracking how long the electronic record was access. But if the information was access for the purpose of filling out the code blue record, was that a violation?

  5. That was from a previous inquirer by Eileen. This nurse accessed the electronic medical record at her employment after the patient had a code blue incident in the cath lab. The code blue record was incomplete. She obtained the information to fill in the blanks on the record. This same nurse is now accused of HIPAA violation and facing potential termination.

  6. My daughter, who is 32 and has Down Syndrome, is a dependent on her stepmother’s HMO insurance thru her employment in California. My daughter lives with me.

    In 2007 I wrote the insurance company and asked that all and any paperwork concerning my daughter’s medical information be sent to our address. They e-mailed back and said since she was over 18 regardless of her disability, she would have to fill out and sign a release authorization form. They sent it, I filled it out saying all paperwork be sent to our address and specifically stated that the stepmother, although the provider, was not to receive any medical information at her home or work address. My daugher printed her name and we sent it back. A couple of weeks later we get a letter from the insurance company stating our request was received and processed.

    April 2009. My daughter has a minor medical problem and her doctor asked for authorization to have a surgeon look at my daughter. A few weeks passed and I had not heard anything so I asked my doctor what the status was. A couple of hours later I get a phone call and the nurse said the authorization had been sent to the wrong address (the stepmother’s) but they got another copy and I could pick it up. When I did, the code was wrong and it said her diagnosis was in part due to her pregnancy. She has Down Syndrome and is not pregnant. Now her stepmother, father, and how ever many people they told or showede the authorization to thinks this.

    Strong case for Hipaa violation?

  7. Pingback: This

  8. Is discussing a past due bill/current collections in front of other patients at an urgent care center a violation of hipaa? It was stated that the bills will be going to collections and the person was going to no longer be seen. this was expressed by the UC nurse in the waiting room to the patient.

  9. I have a question. I work in radiology and another employee with whom I work with was taking xrays of a man that placed “something” in his rectum. This employee that I speak of showed other co-workers and ortho doctors his xrays, clearly they were not related to this case and a violation of HIPAA! He was terminated. He is trying to repeal the charge against him now. My boss is vouching for this employee (saying he was a great employee, suggesting that he should have just been suspended and not terminated) and there are rumors of talks he may have his job back. Is this possible? If he does get his job back who should I report to that is higher then HR? I don’t want to be a “whistle-blower,” but this isn’t right, and I don’t know who to ask. Please help.

  10. I was recently terminated from the technology department of a major health care organization. There was no good reason for the termination (“at will” employment) however, I suspect the unauthorized access of my medical information. I was on pain medication at the time of termination and suspect my employer found this out through snooping in my file.

    I know hospitals with EMR’s can print a report showing who accessed one’s medical information. Are the hospitals required to release that report just like they are required to release the actual medical records to a patient?

  11. I was in a doctor office recently and forgot to ask the NP a question. I was having labs done and the girl said to tell the receptionist out front. Then she wanted to know what it was regarding so without thinking myself I was trying to tell her there in the waiting room infront of everyone. Then the nurse comes upfront and talks to me at the check in window infront of everyone in the front office and everyone in the waiting room. Not to mention how she talked to me like a was a dog but that is another issue I guess. Is this a violation of HIPPA?!

  12. Shahid,

    It seems to me that given the current administration’s pro-regulation, pro-Healthcare IT stance that we can expect to see more HIPPA IT related penalties and regulations in the coming years.


  13. Meg, the information you gave certainly does seem that particular case is a HIPAA violation. People are not supposed to read out loud your medical information in a public setting — that’s kind of HIPAA 101.

  14. Is it a hippa violation to give out medical information, to a insurance agency if the patient has signed a consent form of information?

    Example: Information about dates/times/ and reasons for a office visit.

    No other information given.

    1. no… that's why the patient signed that authorization to release information… that you made them sign when they first started coming to you. I work for an insurance company… and this is one of the more irritating examples of medical providers not understanding that they already made the patient sign something saying they could release information to the insurance to get the claim paid. Do you want to get the claim paid? If you already had the patient sign a release form to file for insurance… then, please, help the insurance company get the dang claim paid…I hate closing claims.


    1. how did they find out your health info? did they access it on the pharmacy records or your health records? if so, then whoever gave your co-workers the personal health information would have violated hipaa laws. if they just are gossiping because you've told someone about it… then, no, not hipaa violation. rude, but not hipaa…

  16. My daughter recently went to our primary physician to obtain a pre-college physical. She could not get an appointment, but was able to take one that I had previously scheduled for myself. Once my daughter stepped in the room with the nurse practitioner, she stated to my daughter, “I see that you switched appointments with your mom, you do know that this appointment was very important for her, as she has a lump on her breast”. My daughter was completely shocked because I had not told her about it, as I did not want her to worry before she left for college which is 3000 miles from home. The nurse practitioner realized that my daughter did not know, and instead of trying to apologize began to further discuss the importance of me making another appointment to get in and get my breast checked.
    Never did the nurse practitioner apologize or did she ever call me to alert me to what she did. I have since called my doctor to meet with him to discuss what happened, as you can imagine, I am devestated and want to know if they violated my HIPAA rights or if this was a HIPAA vilolation? What are the fines or what happens to private practicing physicians when they vilolate a patient’s HIPAA rights.

    1. yes, this is a hipaa violation. i would ask to complete a hipaa report at the physician's office… however, i know from where i work that you have to have so many violations to have grounds for a lawsuit… this sounds like stupidity on the nurse's part… and would get her reprimanded by her employer… but not fined, as far as hipaa violations go… now, if she had gone to the local bus terminal, and announced over the intercom the same information… that's considered more “hits”… and a lot more serious… it would, however, go on her record that she had a hipaa violation… so i would report it to the physician's office…so she'll think twice about doing this again…

  17. Situation:
    Two healthcare workers are on a bus with other health care workers and one asks the other, “how was your day?” The other worker says – it was ok, I had a couple of patients that had strokes and some of the treatment was a little difficult.

    Another healthcare worker on the bus states this is a hippa violation. How is the violating HIPPA if absolutely no patient identifiers were used? More so, how is this any different than a doctor or health care worker posting their resume or using marketing to state the kinds of diagnoses they treat? Couldn’t one assume any patient being seen by that person have one of the diagnoses mentioned in the marketing?

    1. i am asking about the same situation i said something in the nurses station about a patient and since i said it in front of non-professional personnel they want to say its a hipaa violation. i did not say the patient's name in the conversation. is this a violation?

      1. I have a similar case to tracy were as person sitting in our lobby at a medical facility claims she overheard me talking about a patient, she proceeded to go and tell that mother and I was terminated. I was not talking about him but talking to a co-worker about two other cases with the same MRSA procedures to follow. Have I violated HIPPA

      2. what happened with this tracy? same thing happened to me, however i did say the pts name to CO-WORKER …… it was cause i found the pt had cancer and i was concerned.. i was suspended then fired ..will you advise …..thanks, milemarker630

    2. Anna, Scott Race from 916 Networks here. This is not a violation, as no personal information was given out. If names, addresses (or SS#) were used, then it's a violation, but if no personal info was given, NOT a violation.

    3. No this is not a HIPAA violation. You can talk about your day and experiences you have incurred as long as you do not use the patients name, DOB, etc.

  18. I live in South Carolina and there is a medical database here for hospital employees only. A person that knows me through the grapevine that works in the insurance department at the local hospital looked me up on this system with no reason or right. I was pregnant at the time and she wanted to look at my personal sonograms ect without mine or anybody elses permission. Apparently she continued to do this on a regular basis. I miscarried soon after this started. I came home from the hospital and hadn’t told my friends or family about the loss yet when the phone calls started. she had looked it up and proceeded to tell my friends and family before i could. Then she made up lies about the miscarriage saying i was on drugs and all kinds of untrue crazy things. And she swore her access to this website told all this so everybody believes her that i lost my baby due to drugs . . . Ive NEVER even done drugs!!! i lost my baby due to a gene mutation. But i have 3 people that have told me they heard it from her and she is telling the world my medical information and adding lies. This has devastated me and my family and I haven’t confronted her because i want to take proper legal action. What should i do????

    1. wow.. contact a lawyer. The hospital will be forced to produce the proof that she did this.. believe me, your employer knows everything you do on the computer at work… big time hipaa violation….

  19. My boss is constantly divulging personal information about coworkers including our health issues. I have tried to keep mine from him as I have Hepatitis C for which I was treated for 48 weeks with interferon & rebitol. I was very sick and missed work on FMLA & shortterm and long term medical leave. The treatments were unsuccessful. My boss inadvertently sent me a memo for a “justification” for lay off sighting my medical absence as a justification. Has he violated the law?

    1. discussing your personal health information in an email to others that you didn't authorize release to… and you received the email, by accident, that shows this proof… is a hipaa violation… and probably grounds for a lawsuit since you were fired due to a health reason. Remember the movie Philadelphia? An hiv positive lawyer is fired by his employer… and wins a lawsuit against them because they fired him due to his illness. You have proof of this, since you received the email… hope you kept a copy.. and contact a lawyer.

  20. i work in a multidisciplinary office, there are separate ‘businesses’ under one roof. One physician asked the receptionist-in-common if a patient had a visit scheduled with another doctor in the office…is it a HIPAA violation if she gives the answer to the Dr?

    1. sounds like this falls under the “none of your business” category, but not a hipaa violation…unless he needed to know so he could give the patient the best treatment.. in this case, would have to use common sense… and if it seems like this isn't something the doctor should know, then maybe the receptionist should mention something to her supervisor on whether this is information she should give out or not…I personally would tell the doctor I would need to look that up and get back with him.. and then check with my supervisor, or other doctor, to see if this info is ok to give to the other doctor. better safe than sorry.

  21. My husband has recently been diagnosed with sleep apnea. One day when i came home from work a message was left on my aswering machine to call the sleep study office to decide on which healthcare office we would like to have his orders sent to for a cpap machinge. Just as i was getting ready to call the sleep center i received a call from one of these healthcare offices stated they would like to have my husband use their office. I told them i would be calling the sleep center first. I did then call the sleep center and they told me something was not right because this healthcare office should not have had any information yet. Is this something we should be checking further for hippa violations?

    1. not sure.. but wondering why you would care, in this case? the sleep center was only calling a provider to set up a cpap machine for your husband. they were acting in your husband's best interest in this case… and you probably signed a generic release of information when he had the sleep study. they were contacting another health professional in order to give you the best service. kind of on the same line as calling in a prescription to a pharmacy. you should have thanked them… they were probably trying to get you a better deal on the cpap machine. I pay medical claims, and know insurance sometimes doesn't pay a lot for these…

  22. I was transported from work to the emergency. A co-worker-human resource worker-from my job stayed with me at the hospital. When the dr came in teh room after hetting test results. he informed me that I was pregnant, which I was not because i had just had an abortion 2 days prior, but my urine was still showing pregnancy. I had no idea he was about to give results of any test. He did not ask my co-worker to leave the room before giving me these results so of course she heard everything. i tried to cover it up by saying no I’m not and his response was yes you are the test says you are. I was horrified. How could he not ask if I wanted him to give results in front of her. This was not something that I wanted to explain in front of anyone. It was a choice i had made and he had no right revealing it. It had nothing to do with my current condition at all. Till this day I still feel like she may have told someone and that people are looking at me funny. I am so embarrassed to say the least. Its like coming to work and reliving a hard decision everyday, and it hurts everytime i see the woman. And no we look nothing alike so he could not have mistaken her for a family memeber and he even asked me when he came in ” so i understand you were transferred here from work”….I’m so upset. What can I do? I feel like I wanna quit my job.

    1. yes, hipaa violation. he should have asked the other person to leave the room. your medical history (diagnosis) is your PHI… personal health information…

  23. If you worked in a healthcare field and you discussed a patient without declaring that person’s name, are you violating HIPPA laws?

    1. no… but it's not a good idea. If it's not necessary for you to discuss the patient, and not needed to do your job, then you shouldn't be doing it. However, if you say enough that someone else overhearing could identify the patient you're talking (gossiping) about.. then, starts to come close to a hipaa violation.

  24. I work for a major medical corporation as a cma. Recently my husband was injured and started seeing some of the physicians I work with. My husband needed some appointment information to submit for reimbursement purposes and after having him sign a release of information, I retrieved the documentation he requested personally. My employer is now accusing me of violating HIPAA and wants me to sign a disciplinary form. Did I really violate any regulations?

  25. My husband was injured recently and decided to see some of the physicians I work with. He asked me to get some information regarding his appointments for reimbursement purposes and I told him after he signed a release of information I could. He came to my place of employment, signed the form and I personally retrieved the information later that day. My employer is now accusing me of violating HIPAA regulations and wants me to sign a disciplinary report. Did I really do something wrong? Am I obligated to sign a form stating I violated privacy practices when I feel I did nothing wrong and if I did I was not aware? PLEASE HELP CLARIFY !!!!

    1. sounds like the release of information he signed was just so HE could get the information.. and not so YOU could get the information.. in other words, he didn't specify that you were the one who could receive the ifnformation… if so, then it would be a hipaa violation. I'm wondering if you misunderstood what forms he signed… and didn't realize this? Even so, as long as your place of employment knows it wasn't intentional on your part, I think it shouldn't affect your job there. Sounds like your employer just wants to cover themselves.

      1. oh, to clarify… your employer is trying to cover themselves, in case your husband decides to file a lawsuit against you for release of personal health information…as long as you know your husband isn't about to sue you, I think you're safe. (being sarcastic, here..) I think your employer should have just reprimanded you, if you didn't complete the form correctly, specifying you could receive the information. Unless they're planning on suing you (and themselves, since they employed you) on behalf of your husband? Again, they're just trying to cover themselves…and getting a little anal about it…

  26. I had a CT Scan done and was waiting for the diagnosis in the front room. The receptionist received a phone call and asked for the patients name. She called me, by name and I got up from my seat and started walking toward the check in desk where she was and before I could get 3 steps in she told me and everyone else in the waiting room that they didn't find any more nodules in my chest and that I was free to go. Now, to me that is a HIPPA violation…What do you say?

    1. oh, yes… hipaa violation. Your diagnosis is your personal health information.. and shouldn't have been discussed in the waiting room.

  27. The Hopsital that I work for is trying to implement “walking rounds”, which means we give report on each patient at the patient's bedside, including diagnosis, primary medical history, lab results, readiology reports, etc. My main issue with this is that the vast majority fo the rooms are smei-private rooms, which means there is always at least one other person in the room at all times, let alone any family members and visitors. the only thing that actually separates the areas where the patients say is a sliding cloth curtain.

    I have repeatedly told my Nurse Manager that I feel as if this is a direct HIPAA Violation, and that I did not want to risk my Nursing Liscense over it. The last direction from her was that this was NOT a HIPPA Violation and that I “WILL” give all reports at the patients bedside. Is this a HIPAA Violation? If so, whom should I contact about this issue? This is a Federally run Hospital system- does that make a difference in adhearence to the HIPAA standards?

    1. No, this would not be a hipaa violation. The information that would be heard by the patient on the other side of the semi-private room would be considered required release of information to treat the patient. Look at it this way… you have to treat the patient, and this includes discussing their health history or diagnosis at their bedside. You can't exactly move the other patient out into the hall, can you? This would be considered unavoidable release of PHI. Now, it's a little different if you discuss the patient in the parking lot or your local bar after you get off work. That actually happened… a health care worker discussed all of his patients after work over drinks at the bar.. and it cost him a lot of money due to hipaa violations. Talking with the patient at bedside is not a hipaa violation. Your nurse manager is right.

      1. If there is a choice between giving report in front of the patient, roommate, and family members or giving report in a closed room away from them, doesn't that mean that bedside reporting is not a “required release of information” because the closed room is available?

  28. I was in a pharmacy recently and in front of other customers a pharm empl asked my name DOB and the type of medication I was taking. This was aksed from the other end of the counter. Iwalked down towards her and gave her the information. It being obvious to all around I do not care to share this info with everyone around me. She then turned around to the parmacist and said do you have (named med) for (said my name) out loud for everyone to hear. I then asked her why she shouted my personal information out. She said well I had to ask if he knew where it was. She is obviously very lazy and did not want to walk 10 steps to ask the pharmacist this information. I since called the store manager and told him about this. I do believe this is a violation of HIPPA. Am I correct?

    1. Yes, it was a hipaa violation. You should complain to the pharmacist and ask to fill out a hipaa report. The name of the medicine you're taking is your personal health information, and this is why they have consultation areas in the pharmacy now. The pharmacy tech should have just asked the pharmacist is your prescription was ready, and not said the name of the drug for everyone to hear. What prescriptions you take is personal health information.

    2. You are correct, This is a prime example of under trained and unprofessional individuals working jobs they have no business being in!!

  29. If a medical records worker is on break or not actually working on medical records at the time and is just pulling up patient charts on the computer just to read them, is that a HIPAA violation?

    1. Yes, that's most definitely a hipaa violation. Reading of medical records is on a “need to know” basis for the medical records worker.. and if a medical records worker is not reading the patient charts for information to file a claim or something else related to what's necessary to do the job, and is just reading out of curiosity, this is a Hipaa violation. If this person where caught doing this by the hospital they worked for, they would be fired.

  30. My employer gave a medical record that authorized treatment for hepatitis b vaccine consent to a lawyer and it was used against me during an arbitration hearing. This hep b treatment was an optional treatment relating to a blood exposure I was involved in at work. The arbitration hearing was for payment of overtime hours in relation to follow up blood testing.

    Is the use of that consent form a HIPAA violation?

  31. Question:
    I was away on medical leave. My supervisor told all the employees about my absent and why I was away from work. Is this a violation of HIPAA or any employee rights?

    1. Yes, I'm assuming that you were on FMLA. The only people who had “a need to know” about the medical diagnosis for which you leave was granted was, you, the health care provider who completed your FMLA certification and the plan administrator who granted your FMLA from work. If that administrator was not your supervisor, he/or she had NO right to share your medical diagnosis with anyone else either, not even your supervisor. The only thing your supervisor is privy to is the beginning date of your FMLA and expected return to work date. If you divulged to your co-workers the reason for your leave, that's your information to share. No one else has a right to share that information for you. Upon returning to work, if your physician returns you with any work restrictions, this is a different matter to be discussed with your plan adm. Those restrictions can possibly be discussed with your supervisor in accordance with your company's policies and ADA.

  32. Question:
    I was away on medical leave. My supervisor told all the employees about my absent and why I was away from work. Is this a violation of HIPAA or any employee rights?

  33. I work at a practice management co. and our system is one enterprise with over 70 practices, I had an office manager call and said she had to reschedule a patient and when she did she recieved a system alert stating the patient had another appointment for that date and time at a different practice name, since we have the one enterprise the system searches all practices. Is this HIPAA violation?

  34. my physician announced my name and my diagnosis and scolded me for not agreeing to a third surgery. He did all this in a waiting room that had a half dozen other patients. They all heard him as he did not lower his voice at all. I was relieved to hear the diagnosis at first then the realization hit that he'd violated my right to privacy. Do I have a cause of action against him and/or the hospital where this took place?

  35. i have a dentist who allowed her employee to send medical procedures from the office with her personal email address. is this considerd HIPAA?

    1. No, not unless he has been asked to consult on that patient's case. Just because an individual is a physician, it does not give them any special release from complying with HIPPA. They are subject to the same discipline as anyone else.

  36. Iwork atahospital and my daughter wasin thishospital for drug use and my coworkers were awareof it though they wre not involved in her care is thisa hippaviolation?

    1. Depends on how they found out. Did you or your daughter tell them or did someone who legally or illegally have access to her records tell them? BTW if your daughter is over 18 and you shared her info with co-workers, you too, are in violation.

  37. I self willingly turned my self into the police station regarding a car ticket during my 2 day stay a nurse evaluated my vital sighns in front of correctional officers and inmates she asked me from an unsafe distance what my medical conditon was I told her with my lips what my medical conditon was then as a correctional officer came close to the nurse she confirmed my medical condtion out loud the correctional officer lean into and told me she didnt mean to do is this a violation of HIPAA ?

  38. My coworkers husband, who is not a patient in our office, has cancer and she is now off work caring for him. I have her permission to discuss his condition with other coworkers in our office. Is this a hippa violation?

    1. Not as long as her husband has disclosed his condition personally to each individual you are discussing it with. His wife cannot give you permission to discuss her husband's medical information. He owns that information, not her.

  39. a couple of employess at a nursing home posted residents names on facebook and of some of their (residents) activity, without their permission. Some of it was personal. Is this a HIPPA violation?

  40. i was fired from a drs office for discussing an employees health condition .. was discharging me legal for just engaging in a conversation?

  41. When HIPAA first started, I recall something about it being a HIPAA violation for a patient to have more than one account number. Does anyone recall this or know where I might find it?

  42. I was seen by a Doctor in a very small office ( the waiting room , hallway are so close , you can HEAR everything going on. I was ushered out of the exam room, by the Doctor themself and when out in hallway the Doctor loudly started saying things about my medical condition for all to hear, employees and I know people in the waiting room heard as well, do I have a right to privacy in this respect, ( this is a workers comp matter) and so there is major tension with this Doctor recently, is there any violation in this, if not there should be, anything the Doctor needed to say to me should have been said while I was in that exam room, but purposely waited till out in hall right at front desk where everyone can hear nad just starts blurting things!

  43. question: I work at a medical practice. But I went to pick up my rx at the pharmacy. I was on the phone and stated to my friend that another nurse had called it in but when I said it I said his name at the register. Is that a Hipaa violation unsure if the cashier heard me.

  44. I've heard a temp employee tell customers that the regular employee was out for knee replacement surgery. Is this a HIPAA violation?

  45. I was at my pcp's for a regular visit. one of the office workers yelled out from the back room that I needed to make a payment on my account while I was setting up my next appointment. she also yelled out asking if my wife was getting back on medicaid or not. she didn't state any medical information on either of us but she did use our names within hearing range of the whole office and waiting room full of people. is this a hipaa violation? she did state how many prior office visits she was talking about.

  46. I work for a Medicare Set- Aside company and several days a week am ask to take home a case and set-up the medical and legal papers in chronilogical order (usually over 800 pages to sort). These cases have every bit of info need on our clients. We are told to keep it guarded while we have it out of the building. I take this very seriously, but unlike my office, outside of work is not a controlled enviroment, is my employer asking me to violate HIPAA? Mind you it is not aways asked it is expected.

  47. I was terminated from my job and my office manager told two employees why I was terminated. Is that a HIPPA violation?

  48. I was terminated from my job and my office manager told two employees why I was terminated. I worked in a medical office. Is this a HIPPA violation?

  49. I've an identical case to tracy have been as person sitting in our lobby at a medical facility claims she overheard me referring to a patient, she proceeded to go and inform that mom and I used to be terminated. I was not discussing him but speaking to a co-worker about two other cases using the same MRSA methods to observe. Have I violated HIPPA

  50. I've an identical case to tracy have been as particular person sitting in our lobby at a medical facility claims she overheard me discussing a patient, she proceeded to go and inform that mother and I used to be terminated. I was not talking about him but conversing to a co-worker about two other situations with the identical MRSA methods to comply with.

  51. I am employed as a Registered Dental Assistant. Every year all employees are required to take a skin TB test. In the past I had a positive skin test. Now every two years I get a chest x-ray ordered by the Medical director. This is a very sensitive issue for me. On October 4th employees had the skin test done. I was off on friday. Monday morning my co-worker tells me that the Dental director and a Rda were discussing out loud in a open setting, why the Rda doesn't think I get a tb test done. The dental director starts asking questions. Has she had a chest x-ray taken in the past? Was she born in Mexico? I work for a federally funded non-profit clinic in Ca. I feel that the dental director and co-worker have violated my rights? Do you think this is a Hipaa violation?

    1. Yes , Tracy this most certainly was a violation of your rights. This director being in a position of authority over personnel should more over be the prime example of NOT breaching HIPPA, and in my personal opinion, should be fired ASAP!!

  52. My NP took my medical history to her home computer to write a back handed apology to me, sent it to my home in a handwritten envelope with her home address and husbands name …..It was delivered by mistake to my neighbors house. when I read the apology, it stated all my intimate details of my recent visit to the doctors office. I immediately called the home office of this facilitiy to get this home computers hard drive , because this half baked apology letter with my name and information was now on it, outside of the medical facility..

    Is this a HIPAA violation?

  53. I had to do a fit for work test, The doctor who ordered it is a Kentucky state employee, I had filed greivence s concerning the reason for the testing. The doctor gave information concerning an a 2002 MRI I had privately had done and I was not employed by the state at that time, how he got the information is beyond me, as I never signed a release and no one employed by the state knows about my 2002 MRI The doctor who order the fit for work test and a new MRI gave my medical information to the person in the chain of command who is mediating my grievence . I did not give the doctor my permission to give mediator any of my medical information. Is this a violation of my rights?

  54. I am an LPN And I was out sick for a severe sinus infection and the day I called in it was discussed with the other staff members at the nurses station by my supervisor. She questions other staff members who had been to the same doctor if they had been written out for this before. She told them where I went to the doctor and who I saw. Is this a HIPPA violation and what can I do about it? Tthis is not the first time. time.

  55. I work for a state health care facility.My supervisor told a co-worker that I was out sick more then I was there. ( which by the way is NOT true). This co-worker does not even work in the same location that I work in. Is this a HIPPA Violation?

  56. My boss went on a couple of tirades against me in front of two different groups of people on the same day, saying the most personal disrespectful and slanderous things. I ended up going to the hospital later that day because I couldn't stop crying after these violent outbursts. The ER doctor put me on medical leave Friday – Monday (3-day holiday weekend) and the HR department processed FMLA papers for the days I was on leave.
    My boss refused me to allow to return to work and I was eventually fired two weeks later.
    The day I went to the hospital my boss began calling people and telling them I had had a nervous breakdown, yelling at managers and such, and had to be fired. I have three people directly confirm to me that my boss personally told them I had a nervous breakdown. Presumably there are many others, as I was a very popular senior executive at the company and my sudden disappearance had to be explained somehow.
    HIPPA violation?

  57. Is it a violation of HIPAA if you work at a hospital and a family member ask you to look up the test results and you do so having their permission and giving the test results.

    1. Are you kidding? Of course it is a violation of HIPPA. Any information that you are not specifically privy to is not yours to look at. You may want to re-read the HIPPA regulations again for a refresher.

  58. i worked for a company i was fighting an appeal, and in the process of my investigation i had a hipaa violation, but i did not know tharts what i had until i was told. i feel a lack of education was the blame.

  59. Tinawilson_2007


    long story short i had an atty violate my rights she told her friend who is a pt whos husband was one of the dr i work with who told my administrator who told human resource mgr who then told a coworker. what can i do

  60. Valkyriegirl_1


    I was just discharged from my company stating i violated a hippa law, I accidentally sent a pmt reciept to a patient and didnt block the other names out. They are fighting me on unemployement now, did I really violate the hippa law?




  62.  I was ask by my husband to make an appt for him in my department, so i went into his MR to see which doctor and what the reason was and to get his MR number , then realized that an appt was not needed twice. I do this on a daily basis with all my patients and was never told that was a hippa violation.  I was terminated 1 year after the incident and heard that other staff that did the same thing was not even terminated. Can you tell me if this is a hippa violation ?

  63. I work at a hospital. I am a Registered Nurse who attempt to call into work ill due to my medical condition. I was told by my Director I had no choice and had to come in, by the way I live 25 miles away. I did has I was told and went to work with numberous issue such has hitting the road work construction barrels. I arrive at work, walking in the parking lot and unable to get in the hospital. A fellow co-worker found me and helped me. The CNO of all people took me into the ER via a wheelchair. I had called my daughter or a close friend did and she was in the room with me. The ER doctor stated I was drunk and my daughter informed him I needed fluid and potassium ASAP. My husband also relayed that message to the er physician. But my Director decided to take it upon herself to my ER Room to find out what my problem  was as well as letting my Chief of Nursing Officer (CNO)  what my problems where. She took it upon herself to talk about my medical problems during nursing week infront of   fellow co-workers who some I didn’t even know.  I report this to our in the  hospital person who handles HIPPA violations. I don’t  have any answers or resolution to my problems. What do I do from here do I need a lawyer or where do I go from here. Sorry this is so long and answers??

    1. First off, if you’re a nurse and you’re getting drunk, you’re lucky you weren’t fired. It wasn’t right of them to discuss your problems in front of everyone, though.

  64. Here’s my story:

    My brother is currently prescribed suboxone for opiate addiction/dependence. He gets his suboxone prescription filled every month at a local CVS. A few days ago, a pharmacy technician at CVS (the pharmacy tech is friends with my ex wife) told my ex wife that my brother is on suboxone and that he gets them filled at the CVS where she is employed. Even though this has nothing to do with me, my ex is trying to use it against me. When I ask to see my kids and she does not want to comply, she accuses me of taking my brother’s suboxone. Yesterday she called griping for more money (child support is withheld from my paycheck already), and her accusation was that I could afford to pay her more money if I did not help my brother pay for his suboxone. The truth is that I do not take, nor do I help pay for my brother’s suboxone prescription. My ex wife is just grasping at straws. Furthermore, she is running her mouth and telling people around town that my brother is a pill head, etc.

    My question is:  Did not the pharmacy tech at CVS violate patient confidentiality laws when she told my ex what type of medication that my brother is on?  Do I or my brother have any recourse in this situation, aside from anger and frustration?  I have not informed my brother of the situation yet, but I’m sure he won’t be pleased to know that his personal info is being spread all over town because some pharmacy tech could not do her job and keep her mouth shut.

    Sorry about the length of my post, and any advice will be MUCH appreciated.

    1. Dear Disgustipated,

      Let me start by saying how disappointing this story was to read.  Your frustration and anger are totally understandable.  

      I’d like to preface my comments by saying that I am not, by any stretch of the imagination, an expert on HIPAA or privacy/confidentiality in all healthcare-related arenas.  As an RN, I understand the theories of privacy laws in the general sense and I know the guidelines as they relate to my function as a nurse in the hospital setting (meaning, I cannot say with 100% certainty what the rules or guidelines are for pharmacy professionals).  Also, I’d like to make it clear that my assessment of this situation assumes that your ex-wife did, in fact, learn of your brother’s prescription in the manner you described and not in any other way.  

      That said, it does, indeed, sound as though your brother’s rights were violated.  At the very least, what the tech allegedly did was unethical, if not illegal, and, I suspect, most likely violates CVS company policy on privacy.  Unless your brother waived his rights in writing AND specifically authorized the pharmacy to provide your ex-wife with information, I cannot think of any justification for the tech to tell her anything about his prescription(s) or pharmacy purchases (even to confirm that he is a customer there).  

      As for what recourse either of you have, I’m afraid I have even less advice to offer.  By all means, you should report the incident to the store/pharmacy manager so that the employee can, at a minimum, be educated on the policies and so that the store can take appropriate disciplinary action.  I have heard of hospital employees being fired for simply accessing/reading patient files when they were, in no way, involved in that patient’s care.  However, unless your ex-wife confirms your story, the tech may not be punished at all, it just depends on CVS policy.  You’d have to consult an attorney to determine if and to what extent you or your brother have grounds for litigation.  By the way, many healthcare-related companies have confidential hotlines where callers can anonymously report suspected violations.  I hope this helps.  Good luck!

  65. I was being seen by my Dr office, who had diagnosed me with a disability. I had spoke with a lawyer and they were curious how I got the disability. I went into my Dr office and had two friend with me. The Dr came into the room and after hearing thAT I was talking with a lawyer, she decided to say that I didn’t have a disability. I was very upset and asked to speak with some one else. A manager took me to get a print out of all my records. As I was in the room the girls at the front desk was talking about what was going on while my friends I’m the waiting room could hear everything. I ended up being removed from the Dr office and the police ended up speaking two me. While I was talking to the police officer with my two friends, the officer asked the security guard to go back to the Dr and request my prescriptions. The security guard came back to us and on three occasions told my friends that the prescriptions were narcotics.. has the Hillary law been broke..

  66. My husband is on Suboxone and he went to the Dr. for his next appt 1 week early. He told the nurse that he was going out to town and that is why he needed to move up his appt. The nurse called his boss to verify that he was going to be on vacation from work and his boss said NO. My husband is now fired because of this phone call. Does the nurse have a right to talk to my boss?

  67. I just had an incident with CVS two days ago.  When I went to pick up my prescription from the pharmacy the counter technician, after putting my prescriptions in the bag, took them out and without discretion repeated the name and dosage of each medication and asked me if that was right.  I can understand that she may have wanted to be sure I had everything, but there were people waiting for their prescriptions to be ready and other people on line.  Her voice was loud and heard by everyone.  I may change pharmacies because of this incident.  I was humiliated that she would share my prescription information with every one.  I don’t share my illness with anyone.  If you know my meds, you have an idea of my illness.

  68. Can you tell me if I was to send an email to a person intended for another person but the clients name  only is showing with no other information is that in violation of HIPAA?

  69. I work in a hospital and was injured at work. I saw a workers comp doctor and told my boss what the doctor said. She apparently didnt believe the doctor and I overheard her discussing my case with a doctor from our facility who is not invovled with my workers comp claim. is this a violation of hippaa?

  70. So if you know there was a HIPPA violation regarding your treatment and it was done maliciously then what? Can you sue and if so how do you go about it?

  71. A family member was seeing a social worker and my name and contact information was given to this social worker. The social worker then gave my address to an individual I didn’t want to have my address. I was not the patient so would this still be a HIPPA violation.

  72. my doctor thought i was suicidal when i called crying asking if I can increase my new depression medication. The doctors office called the police to do a wellness check on me and gave the police my emergency contact’s phone number that I had listed in my demographics a call disclosing my status, was this a hipaa violation?

  73. my boyfriend came with me to my baby dr’s appointment to see our first ultrasound. The doctor then asked me about my history of herpes. i havent told him yet (i know i should have) so the doctor told my information right in front of him. is that violating hippa or since i had him in there with me, she could say my information in front of him?

    1. Confused-

      I don’t know the exact wording, but I work with HIPAA compliance and know that if there is someone in the room with you that you wanted in the room, the doctor is able to speak openly about your medical details. Now if you made it clear you did not want your boyfriend in the room, or if the doctor discussed this in public, that would be a violation. Because your bf was in the office with you, it is considered reasonable (read: legal) to talk about your medical history. Basically it’s like this: doctors can discuss medical stuff with your family and friends if you, the patient, agrees OR, when given the opportunity, does not object. By having him in the room with you, you are “not objecting” to him knowing your medical details. I mean, after all, it is a medical check up… You should expect a doctor to discuss your medical history.

  74. A doctor performed a medical proceedure recently on a family memeber and confronted me in waiting area and openly discussed the medical proceedures in front of others, is this a violation? It left me angry and upset.

  75. I am undergoing infertility treatment (have Always had an issue for many years) I conceived my 2 year old via infertility treatment and have decided to try for #2. I am using a new office since we recently moved. Last week when I had my visit I went with my child she was in her baby carriage. After I signed in, registered, and went to the billing line I was on my way to the main spacious waiting room when a gentleman approach’s me and asks me if he can speak with my in private and points for me to go into a room behind me. The room was literally 3×3 and as I mentioned I had my carriage so we were squashed but I was more concerned with what he wanted to discuss with me. Well, he glances at my carriage and begins to say how the patients here are struggling with infertility and they see me and my baby and get upset. I ADMIT when he first told me I completely understood because as I mentioned I struggled for years myself so I said I completely understand so then he says “ok so if you wouldn’t mind whenever you come in for a visit will you please sit in this room” (no TV, NO, Window… just a TINY room. He would let the nurses know that I was sitting in this room, closes the door and leaves.

    Ok so that’s not even the main issue, but as I sat there I couldn’t believe I had agreed!!! Suppose this child was my niece or I was babysitting! I was so angry at myself for allowing that!

    Ok, on my next visit I went with my husband, to make a long story short, they couldn’t find my paperwork that I signed, the appointment was scheduled for the following day we were early… and so on…
    We saw the dr & he went over our records & my husband has Hep C, so he instructed us that he needs letters from our doctors giving clearance to proceed safely. After we saw the Dr., since he couldn’t find the rest of my blood work, he asked us to go to another floor with him. So we all take the elevator, low and behold guess whose inside, the guy who asked me to wait in the tiny room so I tapped my husband to say that was him! Anyway we all exit the dr tells us, he will brb he was going to see if he could track them down. And there he went at it again…. He walks over to us, and says, “hey can I have a word with you guys over here…” And points towards that room.. I immediately stopped him and said, “no you cant, but thank you. I am waiting in this room like everybody else, I’m not sitting in a room I can barely fit in. I agreed with you last time you approached me and now I thought about it and I struggled myself for 13 years and will not hide from other women.” Of course he was SHOCKED and said he was just doing his job….

    Anyway, the Dr comes back and says he located the paperwork. He then proceeds to tell us, how “we need to bring letters in from our PCP for my husbands Hep C and That he will need a letter for me as well from my dr because he wants to make sure I do not contract the Hep C as well. Or else we cannot continue with the treatment cycle”
    Here is my question….. The doctor said this in the waiting room in front of patients & there was one sitting directly to his right! I was SOOOOO EMBARRESSED I wanted to die!!!! Between the patients in the office now knowing my husband has Hep C & I may contract and no less, I had my baby there so it was even worse feeling for me!!! And that guy approaching me about sitting out of the main area I wanted to cry! I felt like people were looking at us in disgust like we were the family of diseases!

    So, my question is…. do i have a case with the dr doing that? I am not sure if this is a HIPPA violation or perhaps something else. (btw I never went back for my appointment and when the nurse called me I told her everything I said above and her comment about the dr saying that was “oh that’s not acceptable”

    Any advice? Do I have a case ?

  76. my sister worked at a hospital and got terminated for accessing a patients file they claim for not a right to know it was part of her job to access these files and pull reports for doctors when asked to in doing this they had no policy or procedure for nothing to protect her the hospital or the patients from a hippa violation if a complaint was filed (no log or place to note why in the file and for whom and was to give information to whom ever called as long as they stated they was from a doctor’s office with no proof) she stated that she was just doing her job that was the only reason she would be a file at all they investigated this and showed that she did log into the files but nothing was printed or faxed out then terminated her for a class 3 hippa violation this dont seem right to me could she sue for wrongful termination? 

  77. At work a guy had been fired because he was selling prescription drugs,  just back from FMLA they call us into the office and ask us what medication we were taking, isn’t this a direct violation of the law?

  78. My daughter’s doctor’s office called and gave her test results to one of her co-workers, who then texted her the info. her husband and I are the only ones on her list to be given medical info to. Did the doctor’s office break the hippa law?

  79. Each time I go to my pharmacy to pick up my medication I here personal information about other customers….Like, kinds of medication, phone numbers, medical record numbers, reasons for medication, patient’s name, address or phone number, Doctor’s name, and other patient information…..the pharmacy has 4 windows going at once and at each pharmacy their behavior is similar.  My guess is the HIPPA laws aren’t effective under these conditions…what do you think?

  80. i was @ my chiropractors office for an adjustment…i didn’t have a co-pay but when i got to the front of the desk the girl in  the back office yelled out “you owe for the last 3 visits plus this one which is 40.00 for each visit….thats $160.00, i asked why she was just informing me of my co-pay now and she could have done it “professionally” the last 3 months i was there? i told the receptionist that i had to go get my purse from the car and the lady in the waiting room started laughing and said “watch the bitch leave”….i was pissed and totally humiliated by this…..is this considered a HIPPA violation?  

  81. Kenneth g Varney-707-954-0431


    My name is Ken Varney with a clean record?In Del Norte County,C.A.,I was arrested  May 8,2011,Two months later not getting proper medical  while in jail.I had a stroke maybe 2 hours the jailer”s knowing something was wrong left in a wheel chair .They said you better not by faulting a stroke,while in kicking and shacking not ably to talk with flashligts in my eyes.The next morning in the Hospital kn know not under

  82. My husband was recently dismissed from a hospital, & he was given dismissal instructions , but the last three pages were on another patient. They were actually medical history & etc. We have contacted the hospital numerous times to discussed this incident, but have not been called back We feel like this was a hippa violation.


  84. is it a violation of HIPPA if i said nursing homes name and that someone pooped and it splattered on my shoe to a classmate? i didnt say anyones name besides the facilities

  85. My job requires me to have a physical every year.  My boss is given a complete copy of my physical and he says it isn’t a violation because he pays for it.  I know the law requires him to pay for it so I feel it is a violation my the doctor and my boss.  I’ve called several federal agencies and local agencies but get the run around.  Any advice as what I should do?  Thanks

  86. Hello! I’m hoping that you can help me to determine if this incident violates HIPAA and if I can seek an attorney for what has happened to me.

    I’m a Manager at a big-box retail store and I work with a part-time associate who is also a Pharmacy Tech at a Rite-Aid. I was shopping at the Rite-Aid where my co-worker works, where I picked-up a prescription. three days later this co-worker was walking through our store with another co-worker and she shouted out loud “Hey (name) – how’s that Viagara working for ya!” Both she and the other co-worker laughed hysterically! Where does she get-off demeaning me like that in public? When I saw her several deays earlier, it wasn’t Viagara that I’d bought, but I have purchased Viagara from that pharmacy branch before. I feel humiliated and betrayed by Rite-Aid and am very skeptical to go anywhere for fear that no privacy is being upheld.

  87. I think H.I.P.P A should have a rule .that if a doctor or nurse is not seeing you as a patient they should have no kind of right cause they can abuse the fact.of not going in for medical reason but for their own personal reason I think you should be able to sue.cause it happened to me.and it is hard to find a lawyer who will handle that case.and i’m still fighting about this cause it left me stress for a year trying to get help

  88. Cause a nurse went into my medical file not for medical reason but for to get my address so she can find her husband i was seeing cause they were no longer living together and she came to my home looking for him.

  89. What about someone works for lab core louisville ky and got someones test results and has caused her to so far cps came got her baby when the babies drug test was clean what can we do ? Yes the person that done this is going to be fired what about everything she has caused me

  90. I had to go to the emergency room my husband was out of town so I didnt want him to know after I was dismissed, they called my husband for some information

  91. I was just terminated yesterday from my employer of 8 months for a HIPAA violation. I work in a call center and my husband is a patient at this particular medical center. At the time, I was the only agent in the center and my husband called to see if his prescription was approved by his provider. I attempted to reach a receptionist to relay this information, however, none were available at the time. I accessed his record and looked up the rx to give details. I am on his “contact list” to receive medical information/details from his health providers. What I did is normal job duties I perform for any other patients at our medical center. I did not add or take away anything from his chart. Is this a HIPAA violation that warrants immediate dismissal?

  92. Is talking about a patient at an open nurses station, when the patient and others can hear the nurse’s a HIPAA violation? The nurse was telling the other nurses how I got her written up and pointing at me (the patient).

  93. I have a question about a maybe hipaa violation. I work for a medical office and some of the patient tell me things. I was told by a patient that her family member might have a contagious disease that this person can give to my very good friend in whom they are seeing. My friend is very sick right now and this can be very dangerous to them. The person with the disease is not a patient and I really don’t know them. I am in fear for my friend and do not know if I can tell them in fear of a hipaa violation. If I tell would it be a hipaa violation?

  94. I got hurt at work , they sent me to Dr treatment center at the end the dr snooped on my medications from
    Past saw I took nuvigil and assumed I had narcolepsy ? Although years ago without testing me they did say I may have a mild case I haven’t taken that medication in 2 months but now she won’t let me drive a truck until she gets waivers from those doctors I felt so snooped on and I have a outstanding record for over 20 years why are these doctors doing this ?

  95. CVS, as usual just had another incident wtih them.I get several prescriptions that are class A.these being narcotic, of course. Well, every month I get a different check in person, and mostly they are nice and respectful. This month I get a girl who is full of her self and power and tells me I cannot pick my meds up till tomorrow, and another med for a week and a half. I tried to get some chantax, but she said my Dr. would have to ask for a refferal to get that one. MY brother had just died that morning, and I was having a terrible day, as the little girl could see, I’m sure.Everyother month there was no problem picking up two of my meds the same day I check them in. But this girl was having nothing to do with that. One of the scripts was a refill. I asked for my prescriptions back, and went to another pharmancy who had no problem filling them the same day. And I called CVS and asked to pick my refill up that day, and it was approved to be picked up in 3 hours through the automated machine. The next day I went to CVS and asked for a greivence to no avail. I had to talk to head pharmacist, which got me no where. I talked to the store manager, who took more effort, but I’m sure he was shot down once he talked to the little girl and the head pharmacist. I just wanted to show that I did, and my insurance did pay for the two meds the day of my Dr. appt. and the little girl in charge of checking in the scrips is definetely unhappy with her job.
    The topper, I get a call from this little girl a week and a half later and she says she called my Dr. trying to get my chantax referred so she could fill them. She did not poses the precription, or did she have my permission to call my Dr. I had taken my precriptions and gone to another, kinder, understanding pharmacy. Did she have the right to call my Dr without having the precription and without my approval? Is she not breaking some HIIAPA law?

  96. My medical records are mi,ed with another person same name and they won’t correct the problem my personal info is being sent to old address

  97. My medical records show that I am 400lb man going for gastrobybass I am 180lbs and I don’t live in riverside,CA they are mi,ed with w other people and I cannot get them to correct the problem but they have lean on My workers comp case.

  98. I was staying with a friend at the hospital. She was crying in pain due to the nurse withholding her pain meds. And gave her the wrong meds. Per the nurse she told my friend that the woman in the next room was worried about her and wanted to know what kind of surgery my friend had. And she told this lady what surgery my friend had And continued telling my friend that the other lady knew what she was going through that she had the same surgery awhile back. What can my friend do? Her email address is chae196737@gmail.com

  99. Curious if this is a HIPPA violation. I work in the billing department
    for a mental behavioral health center we just moved into a new building and in
    our office they decided to put in an eight foot window, which means our
    computers are facing the window and it’s clear as day to see what’s on the
    screens. Our main door stays unlocked and we constantly have people (mainly
    people who are lost) walking in and out every day. I’m just curious to know is
    this a HIPPA violation?

  100. A former employer told me they threw out my 2-step TB test. Is it legal for them to do this? I lost the job a month ago after only being there a month.

Add Comment