DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
Medical job shadowing involves a student, typically an undergraduate, observing a working medical professional throughout that medical professional's typical work day. Medical job shadowing typically involves following and observing a physician, nurse, or other healthcare professional while these individuals conduct their work in a healthcare setting (e.g., clinical setting or hospital setting). Many medical schools and professional healthcare programs require applicants to complete job shadowing hours as a prerequisite to admission. Job shadowing hour requirements typically need not be satisfied all at once; many medical schools and professional healthcare programs prefer or require that the hours be completed over time with multiple physicians or healthcare professionals.
Job shadowing in the healthcare environment may involve the "shadower's" being exposed to patients and their protected health information (PHI).
HIPAA requires covered entities (CEs) to safeguard the privacy and security of PHI. The HIPAA Privacy Rule provides that covered entities may, without patient consent, use or disclose PHI to carry out treatment, payment, and healthcare operations.
Healthcare operations include, among other things, “conducting training programs in which students, trainees, or practitioners in areas of healthcare learn under supervision to practice or improve their skills as health care providers, [and] training of non-health care professionals, accreditation, certification, licensing, or credentialing activities.”
The workforce of a covered entity is defined as “employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity, is under the direct control of such entity, whether or not they are paid by the covered entity.”
Whether job shadowing is (a) a healthcare operation (e.g., does it constitute "training"); and (b) constituting "performance of work" is a question to be answered by qualified legal counsel.
Workforce members must be HIPAA-trained before they can access PHI. If a practice, working with legal counsel, determines that a job shadower is performing "healthcare operations" as a "workforce member," the attorney may recommend that the patient provide signed consent from the patient to conduct the shadowing, and that the practice store the signed consent in the patient medical record. If the attorney determines that the job shadower is not engaged in "training" and is not "performing work" for a practice, the attorney might recommend that the patient being observed provide signed written authorization, authorizing the shadowing.
May a School Have an Obligation to Provide HIPAA Training?
Frequently, there is an agreement between the educational institution the student attends on the one and, and the healthcare setting (e.g., hospital, teaching hospital) on the other, under which training is specifically designated as the responsibility of the healthcare setting. These agreements may also address issues such as confidentiality agreements, written patient authorization, and notice to the patients regarding the participation and presence of students in care settings.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article