Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

405
But you're IT, HIPPA doesn't apply to you.
Post Body

Howdy boys and girls. It's been a while and I've changed jobs, yet again. Now working for a labor union's medical centers (hospital-esque type sites.) Just had a doozie of a call from a typical user.

One of my sites has just opened a new area which has some really cool medical tech, fingerprint readers to sign in to Windows for dual authentication and to allow the doctors to e-sign prescriptions, RFID badges to track the locations of anyone/thing wearing one, etc.

The problem is, the person that was chosen to lead this new area is, shall we say, challenged, and, apparently doesn't understand HIPAA. I present to you, my last call.

Me: "Helpdesk, this is YankeeNinja, how can I help you?"

User: "Ohhhhh, hiiiiiii, YankeeNinja! It's user from the Pod."

cue facedesk

Me: "Hi, user, what's the issue?"

User: "Welllllll, the doctor is in Room 1, and the mouse isn't working and neither is the fingerprint reader."

Me: "Ok, can you go in the room and turn the mouse off and on and let me know if that works?"

User: "Ummmmm, wellllll, I can't. The doctor has a patient in the room. Can you just send someone up?"

cue facedesk x2

Me: "Well, let me ask you a question then. If YOU can't go in the room because the doc has a patient, how can I? It's a HIPAA violation."

User: "But, you're IT, HIPAA doesn't apply to you."

Me: "Actually, it does. If you, a patient services rep would be committing a HIPAA violation by going into the room while the doctor has a patient, then how are the rules different for an IT rep?"

User: "Ohhhhh. Let me go in the room then."

O.o

As the user is going in the room, I remote into the machine specified and see someone using the fingerprint reader to authenticate into Windows, and moving the mouse around!

Me: "Ummm, user, I just connected to the machine remotely and saw another person using the fingerprint reader and is moving the mouse."

User: "Ohhhh, it's not the mouse, it's the keyboard."

Me: "But, you just said it was the mouse."

User: "I meant the keyboard."

Me: "Ok, well, I see whomever is logged in there now is able to type, use the mouse, and was successful in using the fingerprint reader."

User: "Waittttt...which computer are you watching?"

Me: "The one you told me the doctor was having an issue with."

User: "Ohhhh, noooo, I gave you the wrong machine name. The one the doctor is having a problem with doesn't have a label on it"

(Important note, all machines in this area have BIG labels with the hostname on it and all desktops have their hostname and IP imprinted on to the background via BGInfo)

Cut to me looking at the DHCP records to find what IP the "Right" machine is pulling and trying to remote in to no avail.

Me: "Well, I just tried remotely connecting to the machine having the issue, but I wasn't able to. I'm going to ask one of my colleagues to come up and take a look, but we have to remain HIPAA compliant."

User: "Can't you just come up and go into the room while the doctor is in there?"

Me: "As long as he doesn't have a patient."

User: "Ohhhhhhhh. Ok. Ok, but what if he does?"

scene

TL;DR - TIL that IT intervention during a doctor patient conversation is NOT a HIPAA violation, but a lazy user getting up and doing the exact same thing IS a HIPAA violation.

Author
Account Strength
100%
Account Age
12 years
Verified Email
Yes
Verified Flair
No
Total Karma
5,928
Link Karma
1,120
Comment Karma
4,764
Profile updated: 1 day ago
Posts updated: 3 months ago
IT Rabbi

Subreddit

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
9 years ago