You are here

UPDATE: Animal Torturer (SD23) Working at Local Med Office

thinkthrice's picture

So I talked to the "Privacy Director" and she was rather dismissive; said that all employees are trained in HIPPA (duh).  I asked if there was psychological profiling done before hiring and she said no.  Then she added "we don't screen on ex family/divorce/marriage basis."

WTF? I wasn't asking that nor would I expect that anyone would screen on that basis; that doesn't even make sense.    I  mentioned that ex family has been hired, there is quite a rift/estrangement and do they have access to medical records in that job description.  She said they may have.    She also asked me what the employee in question's name is.   She ended the conversation with "if you suspect an actual breech, then contact us."

Well that's not very comforting since "rules don't apply to the Girhippo 'n' clan" (TM)


justmakingthebest's picture

I understand your concern that she could see private info. Is there something in particular you don't want her to know?

I guess I just don't have medical secrets. When I got hired on to this company 7 years ago I found out that my doctor was the owners cousin and they are very close. My Dr. made it a point to assure me that there would never be a breach in privacy, I told her I wasn't worried about it. I didn't have anything to hide from anyone. 

thinkthrice's picture

It just gives me the creeps knowing how nosey she is.   Chef closed a bank account when he found out his nephew's ex wife was working there.   Albeit she didn't work there long before getting dismissed. 

CajunMom's picture

but the director is right....they really can't do anything until a breach is reported. will have to keep watch. If she is prone to do such dirty crap, it won't take long. With the way these toxic individuals like to talk, the information will get to you quickly. And the minute you find out, report to HR and demand a resolution. Companies do not play around with HIPA could be very costly. Employee training on HIPA will cover exact measures taken when HIPA laws are violated.

I'm sorry. I understand your concerns on health issues and StepHell people. 

Mominit's picture

I kind of agree with JMTB on this one.  If you have something specific that you don't want SD to know about yourself or your BS, then perhaps this is a battle worth fighting.  In which case, go over the receptionist's head and ask the doctor how he is going to ensure your privacy.

But if it's just a matter of principle, and you don't actually have anything that your SD doesn't already know, I think I'd let it go.  The doctor's office doesn't need the drama, you don't need to spend emotional energy on a fight that doesn't need fighting, and if SD is dumb enough to snoop and brag, she's dumb enough to get fired in very short order.


thinkthrice's picture

But because we have been estranged for about 12 years now, there is plenty of "recon" she can do 

thinkthrice's picture

Other than to psychologically screen their applicants which I would think would be a benefit dealing with something as confidential and sensitive as client's medical records.    I can see it now, though:  SD: "did you know that dad had shoulder surgery and that TT had shoulder surgery because of an MVA,  blah blah"  aka gossip express.

Winterglow's picture

Isn't there a confidentiality clause in her contract? I'd be surprised if there wasn't. If there is and she snoops, she could be unemployable anywhere that doesn't involve flipping burgers... 

And I quite understand not wanting anyone and everyone to be able to rifle through your medical records. It's a question of privacy and has bugger all to do with having things to hide! 

thiscantbenormal's picture

Unless she's carrying a gun as part of her job, they are not going to psychologically screen someone that is basically doing data entry. They want a body with a pulse that is somewhat computer literate with no felonies.

I get it, you don't want her in your business especially if there is mental health issues in your records. But for something like shoulder surgery, is this something that has been kept secret from everyone to where it doesn't come up in general conversation if 2 people were talking about shoulder surgery experiences.

Hopefully she doesn't abuse her access at work.

Cover1W's picture

This is a HIPPA violation - do you have access and can verify any disclosures?

The HIPPA Federal website is pretty helpful.  I understand your privacy concern 100% - unfortunately you're going to have to watch for this yourself as an individual; the medical office itself doesn't control a worker's violation necessarily but viiolations are serious.

bananaseedo's picture

To be frank, I honestly don't think SD is as worried about doing rekon on you as you are on her.  I think you may be projecting a bit here.  It's been 12 years and you still constantly check into their lives and what they are doing. It's more then likely she doesn't even know that is a medical office you attend.  

You do rekon on them all the time, your fears are a tad misplaced, and the director hence told you so.  I would let this go. Even if they did know something or ran into the info by complete accident, you won't be privy to their gossip unless you find it online since you follow them so much.  I really wished that at some point  you would have let this go and just blocked them all, they are of absolutely no consequence to you anymore and haven't been for over a decade honestly.  Just unhealthy behavior-which shoot-we all do stuff that is bad for us, but truly, at some point just block it all, move on with your life and let the past stay there where it belongs.

ESMOD's picture

It kind of sounds like the director took your call as potentially complaining about them hiring her without doing some higher level screening.  Perhaps even requesting that they let her go.

What the real question should have been for them to answer was beyond "training" is there a way that you can block someone's access to our medical records?

That the reason you are asking is that you have has negative experiences with this person crossing boundaries and what you are looking for is some assurance that if you request some extra security on your information that they can block her access to your records specifically.

I get it from their pov.  They can't take action negatively against an employee when there is no proof that something happened.  But, I also understand your concern and if there were an added layer of security.. perhaps removing electronic records.. extra passcode.. keeping the physical records locked?  it might prevent access.

But, the bottom line may be that unless there is information you would find damaging if it were shared.. it may be a fight not worth getting into with them.  Whether she knows you had shoulder surgery.. or your husband had a knee procedure... those kinds of benign visits.. do they really pose a great risk if she knows them? other than you just would prefer she have zero knowledge.. if she told someone you had shoulder surgery.. what would that do? 

You could also leave it with the Dr office that you understand hippa training happens, but you have notified them of a potential privacy issue and if after your request for extra secruity she is able to access for non work related reasons? you will need to contact legal counsel.

Exjuliemccoy's picture

Frankly, I'd be more worried about AT stealing social security/credit card numbers from patients. If she has that access, of course.

caninelover's picture

I'd be worried about this too.  Keep a close eye on your credit reports and you may even consider 'freezing' them to block AT from stealing your identity.

Other than that - I agree with the poster above - they're not going to do mental health screening for low-level jobs, it simply isn't practical.  They will provide training but if AT breaks the rules they won't know unless you flag it.  

I would keep a record of the date of your initial meeting and who it was with.  That way if AT does do something you can go back with a stronger argument that they need to take immediate action.

Winterglow's picture

If it's a low level job she shouldn't be anywhere near personal data. If she is, it could cost the place a LOT for negligence if she lays hands on anything personal. 

Rumplestiltskin's picture

At my last job, a low-level employee filed false tax returns using social security numbers. It was a school and hundreds were used. Valid concern. You would be shocked at who has access to what. It's scary. 

caninelover's picture

An employee set up fake vendors and basically embezzled 7 figures before megacorp caught on!

advice.only2's picture

Maybe it's set up so she only has certain access, since she's only front office staff she would not be abel to access records that the doctor or billing people could access.  But I would still have a hard time with her being front office and collecting payments and knowing basic information such as phone number, address, DOB and SS#, along with CC information.

Rumplestiltskin's picture

Even if you have "medical secrets", that's ok. Lots of people do, and that's why they made a federal law about it. I've worked with people who don't want their parents to know they have HIV, or don't want it to get out that they've sought help for mental heath or substance abuse issues. Without an expectation of privacy, people would be less likely to get help for things. That said, calling the supervisor preemptively probably doesn't help. The only thing you can do is report any suspected breach like the lady said. 

Kaylee's picture

This is a subject I feel very strongly about, since I work in healthcare but also just because EVERYONE has the right to privacy. 

It never ceases to amaze me that people who are in a position of trust, blithely go ahead and snoop where they have no business to. Here's an example: 

Ex SD was on a nursing course placement at a hospital. She noticed that one of the patients in the area she was working in was a male she had been at primary school with. Now, she was NOT assigned to look after this patient BUT read his medical notes. She had NO RIGHT to do that.

She then went home and discussed this young man and the reason for his hospitalisation, with her father.

He told me. I absolutely hit the roof. I was going to report it to her course tutors, this massive breach of the Privacy Act, and the law and ethics around confidentiality.

He begged me not to, said he would talk to her bla bla bla....

I didn't report her in the end. She would have just denied everything, and it would have been my word against hers etc..I regret not doing anything and wish I had done something, not sure what.

It still rankles, and I still kick myself, believe me....

Merry's picture

I did report someone. Like you, I think everyone has the right to privacy and there is an expectation of such. A breach is serious stuff.

I was in for a medical procedure, and the tech and I were making small talk. Smallish town, so it's not a surprise that we know people in common. She started going OFF about a friend of mine who the tech didn't like. Told me WAY too much information. I told her it was none of my business and she just continued on the gossip train. I was livid and reported the instant I left the facility. Don't know what happened but I will not use that facility again.

notsurehowtodeal's picture

I completely understand your concern. It doesn't matter what kind of things are in your medical history - you don't want her knowing anything and I completely get that!

My SD works for the company where I have all my banking and insurance. She works from home, and I have no idea what division she is in, and she doesn't know I bank there - but it still makes me very uneasy.

DPW's picture

Our case management system allows us to block employees from specific client files, if needed. Our policies state that the onus is on the employee to advise if there is a conflict with any clients (how else are we to know, unless client calls us) and we lock the file on the employee so they are unable to access. And obviously, we can track where anyone looks on system. 

If you called me, as a supervisor to an employee, with your concerns, I'd have no choice to lock the file on the employee and also address it with them (privacy and confidentiality, etc...).

bananaseedo's picture

But I don't see how you can lock something if there is no proof they are even accessing their data?  Just assumptions doesn't seem like something one can go on.

DPW's picture

I can lock anything I want for whatever I want. Employees do not have 'rights' to access specific client files, especially if they are not even a client of their own departrment. Why does department A need to access department B's client files? Why does employee who is related to client A need to have access to their health file? Etc. 

I am, as part of the mgt team, responsible for ensuring that clients privacy is utmost. Law and agency policy. Employees are curious, employees snoop thinking they will not get caught. You'd be surprised how many infractions healthcare agencies experience at the hands of their employees, regardless of laws and policies in place. It's not disciplinary in nature, it's proactive. 

Rumplestiltskin's picture

I didn't know that was a thing (being able to lock certain people out of certain records.) It's a good idea, to be honest. In the companies where i have worked, people had levels of access, but as far as i knew, anyone could access any file at their particular level of access, if that makes sense. A scheduling clerk could access any file across the organization, but they might not be able to see as much info as, say, a nurse or a doctor.

When i was first starting out about 20 years ago, i heard of someone looking at their old professor's file and laughing. I've also seen people get written up for looking in their own file, which to me is a weird rule, but illustrates that some places are lax and some are extremely secure. If i knew someome had an axe to grind against me and had access to my records, i'd be nervous, too. 

ESMOD's picture

Unless it will limit the employee's ability to do their job... it seems that it would be just fine to keep certain records locked.. especially where there is a potential known conflict of interest, or a request has been made by the subject of the records.  It might be a small inconvenience for the practice to have another worker deal with any issues related to them.. but if it's "possible" in their system.. it should be done if a patient requests it.