People who have had prior experience in a medical or healthcare-related sector will have a degree of knowledge about what HIPAA means. HIPAA is an acronym for the Health Insurance Portability and Accountability Act. But do you know about the HIPAA Whistleblower Exception requirements?

Perhaps you are practising medical health personnel and you find someone culpable of a degree of malpractice in handling a patient’s health data and you want to issue a report? Maybe a nurse observes wrongly administered prescriptions to patients and wants to raise an alarm? If health personnel is involved in acrimonious acts tending towards criminal conduct that undermines processional health standards in offering care services that compromise patient health?

Can an employee divulge these peculiar circumstances to a lawyer while still staying within the limits of the HIPAA regulations? Yes, the HIPAA whistleblower exception is available within specified conditions.

HIPAA Ready
HIPAA Ready
HIPAA Compliance Management Application

Reduce Administrative Burden

See all the information in a centralized space

Keep your team updated with regular information

Contact Us

Employees are exempted under the HIPAA whistleblower exception to disclose PHI if the wrong party is

  • Involved in criminal conducts
  • Operating outside the bounds of professional and clinical standards
  • Renders undue care, services, or conditions without care for the danger to the health of the patients, workers, etc

The HIPAA whistleblower exception requirements do not stop here. There are two sides to it. After accepting a specific limit where the event meets one or more of the criteria listed above, that is just the first step. The second step is to ascertain who is capable of knowing about it. The first recommendable line of action is to approach your HIPAA compliance officer to help you assess the situation. This is advisable if and only if the officer is not a culprit in the incident. The following are the additional provisions covering the caliber of people liable for disclosure:

  • A regulatory agency with natural obligations to oversee such incidents in the healthcare sector
  • A certified health care accreditation body legally capable of handling the violation of professional or clinical standards
  • A practising attorney working for or on behalf of the employee/business associate to highlight the available legal options for covering the incident

Making reports to personnel such as an accreditor of the joint commission or the department of mental health in any of these instances doesn’t violate HIPAA regulations.

Despite this, we operate within the expectations that things should be done appropriately within an organization. However, in the case of a coworker violating patient health data privacy, you must have adequate knowledge of whom to disclose the details of the event. Note that, you might be required to disclose the cogent details of the aid patient such as name and the information that was accessed.

Report incidents with HIPAA Ready

HIPAA Ready compliance management software is also useful for issuing reports of any such incidents that you have observed to be of fraudulent or malicious intent. HIPAA Ready, in addition to some of the important features highlighted above, has an incident reporting feature that helps employees to identify the necessary channels they can contact on noticing those that have violated HIPAA.

The employee can access the feature to provide a brief description of the incident with a media file (image, audio, or video) as attachments for evidential purposes. This aspect should also contain information about the location (facility) in which the incident took place, the date, etc.

After filing the report on the app, HIPAA privacy or security officers will take note of the report and sign off for relevant action.

These kinds of situations are best avoided but due priority is given to observing the HIPAA compliance requirements, in the event that any situation violating it arises.Â