A physical therapist receives a phone call from a woman demanding to know when her daughter-in-law's next appointment is. The therapist tells the woman that she cannot disclose any information, and the woman becomes very angry and abusive, threatening to make a complaint. After the phone call, the therapist logs into the electronic medical record system to make a note about the conversation. However, since the two women share the same last name, the therapist accidentally accesses the woman's record instead of the daughter-in-law's record. The therapist realizes the mistake, but not before spotting that the woman suffers from a serious mental health disorder, which might explain her behavior on the phone. The therapist mentions to her supervisor the possibility of a complaint being brought and also mentions that the woman has a history of mental health problems. Do you feel that there has been a breach of confidentiality? Why or why not? How should the supervisor handle this situation? Should the patient be notified?
In your responses to your peers, indicate whether you agree with them about the way the situation was handled, and explain why or why not.
Sample Answer
This scenario presents a clear and serious breach of confidentiality with multiple layers of ethical and legal implications.
Has there been a breach of confidentiality? Why or why not?
Yes, there has been a significant breach of confidentiality. Here's why:
Unauthorized Access to Patient Records: The most direct and undeniable breach occurred when the therapist accidentally accessed the woman's (mother-in-law's) electronic medical record (EMR). Even though it was accidental and quickly realized, the act of accessing a patient's protected health information (PHI) without a legitimate treatment, payment, or healthcare operations (TPO) purpose is a violation. The therapist had no clinical reason or consent to view the mother-in-law's health information.
Disclosure of PHI to a Third Party (Supervisor): When the therapist mentioned to her supervisor that "the woman has a history of mental health problems," this constituted an unauthorized disclosure of the mother-in-law's PHI. Even if the supervisor also works for the healthcare organization, this specific piece of information (a serious mental health disorder) was revealed without the patient's consent and without a direct "need to know" for the purpose of handling the daughter-in-law's complaint or the initial demanding phone call. The supervisor's legitimate need to know was related to the potential complaint from the mother-in-law, not about the mother-in-law's health status.
Improper Use of Information: The therapist used the information gained from the accidental access (the mental health disorder) to "explain her behavior on the phone." This demonstrates that the information was not just accessed but also used to form a judgment about the individual, which is an improper use of PHI.