Is this a HIPAA violation?

Nurses HIPAA

Published

I have a friend on Facebook who works (not a nurse, but works at the desk) in the ER at a hospital in my area. She sometimes posts things on facebook that happen at work in the ER. Recently, I saw that she made a post about the shift she was working, the department she works in(ER), what her job is(checking pts in). It does say on her FB page which hospital she works in, but that info was not in the actual post I am referring to. So in this specific post, she wrote about something that happened that night in the ER. She was saying that a lady and child came in to the ER and she checked them in, the child was acting like she was abused she could tell by her body language. She wrote a long post about this an that CPS was called (not sure if the hospital called or she did on her own), an that she hopes the lady rots in h***. Anyway, she did not write any of their names or anything, but just told the story about what happened. Is that a HIPPA violation? I have just started nursing school and am really curious about this. I know I personally would NOT post that type of info, but still would like other input.

Specializes in Psych, Corrections, Med-Surg, Ambulatory.

My understanding is that it IS a HIPAA violation because enough information was posted that the lady could possibly be identified by someone who knows her. In any case, your friend could certainly be dismissed for this. Most health-care facilities now have strict policies about posting ANYTHING that happens in the workplace, because they are responsible for the conduct of their employees and can face severe penalties for any confidential information that goes public.

Up Vote Up Vote ×
Specializes in Leadership, Psych, HomeCare, Amb. Care.
Okay, so maybe it is a HIPAA violation if she gave the date that the patient came into the hospital? I did find a list of HIPAA regulated patient identifiers and "dates" is on the list. Either way, it seems like there is a fine line that she seems VERY close to crossing.

Yes, it is a potential violation.

If there is enough information that friend, family, or someone else in the ER could "connect the dots," then it is a violation.

Up Vote Up Vote ×
Okay, so maybe it is a HIPAA violation if she gave the date that the patient came into the hospital? I did find a list of HIPAA regulated patient identifiers and "dates" is on the list. Either way, it seems like there is a fine line that she seems VERY close to crossing.

Since you are a student, I was going to point out that you kept referring to "HIPPA" violations so that you didn't get nailed by your professor. But I see that you picked up on this.

I think you are smart to consider the implications of your friend's behavior. That is exactly what nursing students should be doing constantly as you meld your clinical knowledge with your internal values and also with professional and personal ethics. Also nothing wrong with throwing it out to the nursing community to get feedback from actual nurses.

As to comments further back in the thread, not only are nurses bound by ethical principles when dealing with patients, we often have a legal duty to report certain things, such as suspected child abuse. The OP cannot do this as she was not present at the hospital, but it's possible that professionals working there that day who suspected abuse were legally bound to report their suspicions. Since we were not present, we cannot know for sure whether or not that legal obligation was met or was even appropriate to the situation.

Up Vote Up Vote ×
Specializes in Pediatrics.
Again, she is not my coworker. No, it is not the same thing at all...at least not from my a point of view. I don't do clinicals at the location where my friend works, nor am I employed there. Not to mention, I did not say what hospital it was, I just said in my area. So, I don't really think that is what is going on here, even unintentionally.

And the OP gives no identifying factors about herself. most importantly his/her name. Just think of what a patient can find out about us by readng our ID badge (this goes for any job where you display your name). All they have to do is google t, and most likely the first result will be their facebook page.

Up Vote Up Vote ×
and the op gives no identifying factors about herself. most importantly his/her name. just think of what a patient can find out about us by readng our id badge (this goes for any job where you display your name). all they have to do is google t, and most likely the first result will be their facebook page.

i suppose that would be true of anyone to whom you are introduced-they could google you.

at my facility, only our first names appear on our badges.

Up Vote Up Vote ×
Specializes in Pediatrics.
I suppose that would be true of anyone to whom you are introduced-they could google you.

At my facility, only our first names appear on our badges.

You're absolutely right (if you introduce yourself with first and last name).

I don't believe I have ever seen a healthcare facility that has only first names on their IDs (with the exception of a doctors office). Not saying I think our first AND last make needs to appear on our IDs...

Up Vote Up Vote ×
Specializes in Emergency, Telemetry, Transplant.
You're absolutely right (if you introduce yourself with first and last name).

I don't believe I have ever seen a healthcare facility that has only first names on their IDs (with the exception of a doctors office). Not saying I think our first AND last make needs to appear on our IDs...

I know that in our dept, a lot of people cover up their last name with stickers or the like...

Up Vote Up Vote ×

Beyond whether this is a HIPAA violation or not -- Would you feel comfortable giving personal information to this person knowing now what you know? Knowing what you know, if you had a choice, would you go to this ER when this person was working? Would you feel comfortable having your husband, wife, son, daughter, mother, grandmother, give very personal information to this person? If this is a consistent activity for this person, this is not the kind of person one wants working in any medical situation. Regardless of HIPAA.

Up Vote Up Vote ×
Specializes in Emergency, Telemetry, Transplant.
Beyond whether this is a HIPAA violation or not -- Would you feel comfortable giving personal information to this person knowing now what you know? Knowing what you know, if you had a choice, would you go to this ER when this person was working? Would you feel comfortable having your husband, wife, son, daughter, mother, grandmother, give very personal information to this person? If this is a consistent activity for this person, this is not the kind of person one wants working in any medical situation. Regardless of HIPAA.

And I'm pretty sure if this had been an employee in the ED in which I work, she would not be working there for long.

Up Vote Up Vote ×

To the OP: Have you communicated any of this to your Facebook friend and cautioned her about the seriousness of her actions? If she thinks you're overreacting, have her come take a look at this thread. Maybe she'll see the potential harm in what she is doing and change her ways.

Just a thought.

Up Vote Up Vote ×

I would tell your friend that if she wants to keep her job she needs to eliminate the facebook posts involving patient stories. All it takes is one person who is a, "FB friend," to relay the message to someone else whether it be another coworker, boss, the actual patient, etc.

Up Vote Up Vote ×
Specializes in retired from healthcare.

You have to give identifying information like where they live for it to become a legal issue.

I still think it's insensitive for anyone to post this. There is the chance that some people reading it might know the client she's talking about if they happened to be in the wrong place at the wrong time.

Up Vote Up Vote ×
+ Add a Comment