
Utah Hospital Aftermath: What Police Precincts Need to Do

Public Policy

Recently, like many Americans, we watched events unfold at a Utah-based hospital between a police officer and a hospital nurse. Because our office is based in the Salt Lake City area, the incident hit close to home both literally and figuratively. Unfortunately, the police officer who arrested and allegedly assaulted a nurse for refusing a blood draw on an unconscious patient brought up more questions than answers. Because all healthcare organizations should heed the warning whenever there is a security breach at any hospital, private practice, insurance provider, etc., we feel it is crucial that both providers and law enforcement understand what happened and how to prevent a similar incident from occurring.

What Went Wrong
In simple terms, the nurse was arrested for doing her job. By refusing the police officer's request for a blood draw on an unconscious patient, she was protecting her patient’s rights. As the police body cam video illustrates, the nurse pleads with the officer, stating she did not feel she was doing anything wrong. On the flip side, the same cannot be said for the officer involved in the incident. Under HIPAA, any person or organization who touches Protected Health Information (PHI) needs to understand and be aware of the basic rules around a patient’s right to privacy, including what can be released and what cannot.

One commonly misunderstood item under HIPAA is who qualifies as a business associate and who does not. By definition, a business associate is any person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to PHI. In this case, the police officer was a business associate of the hospital and therefore needed to comply with HIPAA.

Workforce Training
One HIPAA requirement highlighted by the events that unfolded during this incident is the importance of workforce training. It is unknown at this time whether the police officer has ever participated in HIPAA training; however, based on the events that transpired, he clearly did not understand that in order to release PHI to law enforcement, there must be either a signed waiver/release by the patient, a court order or subpoena.

Although training employees on HIPAA may feel like an overwhelming or daunting task, it does not need to be. Most importantly, workforce training should be tailored to whether the organization is a Covered Entity, Business Associate or Hybrid and review how employees can impact the security of PHI. Had the police officer understood some basic patient privacy rules, the incident could have gone a very different way. Bottom line, police precincts should be offering basic HIPAA training for all colleagues.

In turn, when a member of law enforcement arrives at a hospital or medical facility, he or she should be directed to a specific department to discuss the request. All hospital staff must be trained on what to do with law enforcement in the building so they can minimize disruption and ensure the appropriate action is taken. Some examples of a hospital department that may handle these requests include Health Information Management, Medical Records Department, or Legal and/or Compliance. This should be covered during employee workforce training and documented in the hospital or medical facility’s policies and procedures.

Moving Forward
As stated above, with appropriate training and awareness, the incident could have been avoided. We applaud the nurse for understanding her rights and the importance of appropriate patient care. At HIPAA One we offer affordable and easy-to-use workforce training modules that can be customized for various organization types with a “game-like” feel.


Written by Tracy Ziskovsky, HIPAAOne, September 12, 2017.
