Can posting about a friend breach HIPAA?

No, no violation at all. You weren't her nurse, and any information you shared was shared with her consent, and it wasn't PHI such as her diagnosis, her lab results, etc. etc..

Not a violation had her consent. You did not come across the information as an employee and did not disclose any PHI

Had she not consented, then yes, it would be a HIPAA violation. However, you had her consent and as such were within HIPAA guidelines. That being said, that consent was not in writing and you are held to a higher standard now. I would think if she is well enough for visitors she is well enough to pop onto Facebook long enough to post the sentence you wrote.

Remember, anything that even acknowledges someone is in a medical building cannot be disclosed without their permission. It does not have to contain medical information specifically.

That's just not true. She was a visitor. You can't break HIPAA if you're seeing someone as a visitor. Further, saying what room or floor someone is on isn't a HIPAA violation. You can call any hospital and ask what room Joe Blow or Jane Doe is in and they'll tell you unless that patient specifically asked to be excluded from the directory.

483-Does HIPAA permit health care facilities to inform visitors about a patient’s location | HHS.gov

If you did not become aware or locate her via your professional activities as a nurse/nursing student, then no violation has occurred. Where their would be a violation is if, for example, you searched the hospital computer or records to find out if she was a patient and what room she was in. I can give an example. Our professor became sick during out clinical day while we were on the floor. The charge nurse informed us of this and said we all had to go home for the day. We decided to get her a card, all sign it and drop it off to her in the ER. We identified ourselves and asked if we could drop the card off. I was directed to her room by the ER staff. IF, however we accessed the computer record instead to find which room she was in, that WOULD be a HIPPA violation. does that help?

Something to keep in mind in situations like these, although you did not violate HIPAA. it can create a mess and a very large headache regardless. In the end you should be found that you weren't in any violation. But it might not be worth all the trouble. That's something you have to decide and if a fuss was made it might put you on the hospitals radar. There is so much misinformation about HIPAA and it gets taken to the extreme because of that.

I have dealt with 2 separate scenarios. 1 was similar to yours and nothing came of it.

Another I was actually placed on administration paid leave while an investigation was done. Administration tried to tell me I was in the wrong in which I stated I was absolutely NOT in the wrong and did not violate any rules or policies. They tried to intimidate me by stating that it still would not end well for me blah blah blah. At the end of it I got 1.5 weeks paid vacation from the leave and was cleared. In that scenario it was scary, not just at the thought of losing my job and having reason for termination be a BS HIPAA accusation, but the biggest thing was I didn't even know how I could have handled the situation differently. I did what I should have done. I was a much newer nurse at the time and lessons were learned.

So just be very careful. Especially if you don't have written proof from the person stating they don't mind you sharing. But especially since it's the same place you work.

If you did not become aware or locate her via your professional activities as a nurse/nursing student, then no violation has occurred. Where their would be a violation is if, for example, you searched the hospital computer or records to find out if she was a patient and what room she was in. I can give an example. Our professor became sick during out clinical day while we were on the floor. The charge nurse informed us of this and said we all had to go home for the day. We decided to get her a card, all sign it and drop it off to her in the ER. We identified ourselves and asked if we could drop the card off. I was directed to her room by the ER staff. IF, however we accessed the computer record instead to find which room she was in, that WOULD be a HIPPA violation. does that help?

It would be a HIPAA violation, not HIPPA

I am truly amazed at how many misconceptions there are about HIPAA, especially as most (if not all) facilities/schools require mandatory training as part of orientation and ongoing annually.

not.done.yet, it is impossible for the OP to commit a HIPAA violation by talking about what she learned directly from the patient as a visitor. It's gossip, and nothing more. Additionally, "anything that even acknowledges someone is in a medical building cannot be disclosed without their permission" is patently false as well. HIPAA does indeed allow for a directory of patients to exist. If a patient wishes not to be part of that directory, he or she must opt out.

What's worse is how mis-informed the hospitals own administration and management seem to be about it. They are so worried about getting sued and even a rumor of a violation they just act. I was literally sitting there debating the CNO on what was considered a HIPAA violation (and as it's been commented here, when I debate and I know I am not wrong, I don't stop) and when I came back at her to pull up the actual rules regarding it to back my claims is when she then turned it to "well it was still poor judgment" and when I asked what I should have done instead? She had no response.

What's worse is how mis-informed the hospitals own administration and management seem to be about it. They are so worried about getting sued and even a rumor of a violation they just act. I was literally sitting there debating the CNO on what was considered a HIPAA violation (and as it's been commented here, when I debate and I know I am not wrong, I don't stop) and when I came back at her to pull up the actual rules regarding it to back my claims is when she then turned it to "well it was still poor judgment" and when I asked what I should have done instead? She had no response.

Lord almighty. Scenarios like yours are what lead me to a) never be friends with coworkers on social media and b) never talk about work or anyone's medical condition on social media and c) keep my social media accounts clean and locked down. I should be shocked at what happened to you, but sadly, I'm not. Glad you stood your ground and got out of it. Shame on them.