Privacy Officer's Roundtable

Chart documentation

  • 1.  Chart documentation

    Posted 07-28-2020 01:58 PM
    ​Hi everyone.  Can you help me with this one?  Still being new to this, I appreciate all your help.  I have a snapchat that an employee sent a photo of a note in that was entered in a residents record.  This is a small LTC facility.  Nothing that identifies the patient is visible.   No demo's, no MRN, etc.  Just the documentation.  Here's the thing.... if this was sent to others that work there (no proof that it was sent to anyone other than staff) and it was immediately known who the resident was, is this considered identifiable and constitutes a violation?  If so, I know to use my RA and figure out if it was reportable or not.  But I am teetering on it.  It's not like a photo of a face that I've dealt with in the past.  That's pretty clear.    Any help would be appreciated.  Thanks!

    ------------------------------
    Tara Yeaton, RHIT, CHPC
    Director of HIM Operations
    Deputy Privacy Officer
    MaineGeneral Medical Center
    Augusta, Me
    ------------------------------
    2020 SCCE Membership


  • 2.  RE: Chart documentation

    Posted 07-28-2020 02:57 PM
    Tara,
    This may be a violation of your policies, it may be a "breach" of ePHI, if the note was sent to other staff who do not work with the client who they may have identified. Personally, i would conduct a LoProCo assessment anyway and likely determine that it met one of the 3 exceptions or at least did not reach a level higher than a lo probability of compromise, and therefore would not require a report.

    ------------------------------
    David Rothery, CHC, AWI-CH
    Compliance & Privacy Officer
    Health & Human Services
    Marin County, CA


    These are my personal opinions and not those of the County of Marin
    ------------------------------

    2020 SCCE Membership


  • 3.  RE: Chart documentation

    Posted 07-28-2020 04:04 PM
    ​Thank you for the quick reply.  That is where my head was too.  I seem to always second guess myself with any new concerns that I haven't dealt with yet.  It's nice to have folks like you to run things by.  This group is so helpful.

    ------------------------------
    Tara Yeaton, RHIT, CHPC
    Director of HIM Operations
    Deputy Privacy Officer
    MaineGeneral Medical Center
    Augusta, Me
    ------------------------------

    2020 SCCE Membership


  • 4.  RE: Chart documentation

    Posted 07-28-2020 08:30 PM
    David it would only like fit an exception if unintentional or inadvertent. But I agree an assessment should be done. 
    Tara under the regs not only must there be none of the 18 identifiers but nothing else that can be used with the information share that can identify the resident. Hope this help. Marti

    Sent from my iPhone



    2020 SCCE Membership


  • 5.  RE: Chart documentation

    Posted 07-29-2020 10:12 AM
    Agreed! Thank you for clarifying the exception rule Marti.

    Best regards

    ------------------------------
    David Rothery, CHC, AWI-CH
    Compliance & Privacy Officer
    Health & Human Services
    Marin County, CA


    These are my personal opinions and not those of the County of Marin
    ------------------------------

    2020 SCCE Membership