I was just wondering what I should do in a sticky situation I'm facing. Recently, I left my office position and moved on to someplace else, but I still keep in touch of my former co-workers, mainly through Facebook. Well, one of my girlfriends has a picture album posted on FB titled "office fun" which features pics of the girls, office manager and other stuff around the office. The issue is, as many of you may have guessed, that in almost every one of her pictures there is all types of HIPAA violations. Some of the pics have charts in the them, face sheets (which includes pt's full name, address, DOB, and insurance info) and some even have pt's in the background!! Now, I'm not going to lie, the charts and face sheets aren't very easy to read if you're just glancing with the naked eye, but if you just so happen to be Super Hacker, with the right equipment and the desire to steal a pt's information... well, its right there for you. And I was in total shock to see that she posted a pic with a pt's mother (it's a split office, internal medicine and peds) standing right there in the back... I mean, AS CLEAR AS DAY! I commented on one of her pics telling her that it was a HIPAA violation, not preaching to her but just giving her a heads up that maybe she should remove it, but as of right now... no response.
So I guess my question is, what should I do? I don't want it to come off to her like I'm waving my finger, but I do want for her to protect herself from getting into any trouble and also protect the identities of our pts. I mean, she is a big girl, she's knows about privacy laws just like everyone else, but... Idk. Maybe she just isn't thinking clearly right now. Should I reach out to her again? And if so, how do I approach the situation without sounding like I'm telling her what to do. Any suggestions?? Thanks in advance, guys!