Published May 15, 2017
MOVAN15
2 Posts
I just graduated earlier in the year from nursing school and was confused when a friend told me that I was potentially violating HIPAA due to this scenario:
I was notified of a friends hospitalization through Facebook by her father and visited her. She just so happened to be at the same hospital/facility that I work at. I saw her on a day off and with her permission asked if I could share with a private group an update (which went along the lines, "she is doing better and could use some thoughts and prayers") - she agreed and appreciated the thoughtfulness. If I share this on social media, am I breaking HIPAA? She was never my patient and I never read any of her medical information...so this is where my friend (who also graduated nursing school with me) confused me with this comment?
quazar
603 Posts
No, no violation at all. You weren't her nurse, and any information you shared was shared with her consent, and it wasn't PHI such as her diagnosis, her lab results, etc. etc..
Nurse SMS, MSN, RN
6,843 Posts
Had she not consented, then yes, it would be a HIPAA violation. However, you had her consent and as such were within HIPAA guidelines. That being said, that consent was not in writing and you are held to a higher standard now. I would think if she is well enough for visitors she is well enough to pop onto Facebook long enough to post the sentence you wrote.
Remember, anything that even acknowledges someone is in a medical building cannot be disclosed without their permission. It does not have to contain medical information specifically.
JustBeachyNurse, LPN
13,957 Posts
Not a violation had her consent. You did not come across the information as an employee and did not disclose any PHI
I ended up taking down the post just because of the doubt in the first place, her father has been posting on fb about her updates, but she does not regularly post updates. It was just to ask for prayer requests, but with my lack of knowledge I just didn't want to violate any rights at all.
blondy2061h, MSN, RN
1 Article; 4,094 Posts
Had she not consented, then yes, it would be a HIPAA violation. However, you had her consent and as such were within HIPAA guidelines. That being said, that consent was not in writing and you are held to a higher standard now. I would think if she is well enough for visitors she is well enough to pop onto Facebook long enough to post the sentence you wrote.Remember, anything that even acknowledges someone is in a medical building cannot be disclosed without their permission. It does not have to contain medical information specifically.
That's just not true. She was a visitor. You can't break HIPAA if you're seeing someone as a visitor. Further, saying what room or floor someone is on isn't a HIPAA violation. You can call any hospital and ask what room Joe Blow or Jane Doe is in and they'll tell you unless that patient specifically asked to be excluded from the directory.
483-Does HIPAA permit health care facilities to inform visitors about a patient’s location | HHS.gov
SouthpawRN
337 Posts
If you did not become aware or locate her via your professional activities as a nurse/nursing student, then no violation has occurred. Where their would be a violation is if, for example, you searched the hospital computer or records to find out if she was a patient and what room she was in. I can give an example. Our professor became sick during out clinical day while we were on the floor. The charge nurse informed us of this and said we all had to go home for the day. We decided to get her a card, all sign it and drop it off to her in the ER. We identified ourselves and asked if we could drop the card off. I was directed to her room by the ER staff. IF, however we accessed the computer record instead to find which room she was in, that WOULD be a HIPPA violation. does that help?
~Mi Vida Loca~RN, ASN, RN
5,259 Posts
Something to keep in mind in situations like these, although you did not violate HIPAA. it can create a mess and a very large headache regardless. In the end you should be found that you weren't in any violation. But it might not be worth all the trouble. That's something you have to decide and if a fuss was made it might put you on the hospitals radar. There is so much misinformation about HIPAA and it gets taken to the extreme because of that.
I have dealt with 2 separate scenarios. 1 was similar to yours and nothing came of it.
Another I was actually placed on administration paid leave while an investigation was done. Administration tried to tell me I was in the wrong in which I stated I was absolutely NOT in the wrong and did not violate any rules or policies. They tried to intimidate me by stating that it still would not end well for me blah blah blah. At the end of it I got 1.5 weeks paid vacation from the leave and was cleared. In that scenario it was scary, not just at the thought of losing my job and having reason for termination be a BS HIPAA accusation, but the biggest thing was I didn't even know how I could have handled the situation differently. I did what I should have done. I was a much newer nurse at the time and lessons were learned.
So just be very careful. Especially if you don't have written proof from the person stating they don't mind you sharing. But especially since it's the same place you work.
It would be a HIPAA violation, not HIPPA
Rose_Queen, BSN, MSN, RN
6 Articles; 11,935 Posts
I am truly amazed at how many misconceptions there are about HIPAA, especially as most (if not all) facilities/schools require mandatory training as part of orientation and ongoing annually.
not.done.yet, it is impossible for the OP to commit a HIPAA violation by talking about what she learned directly from the patient as a visitor. It's gossip, and nothing more. Additionally, "anything that even acknowledges someone is in a medical building cannot be disclosed without their permission" is patently false as well. HIPAA does indeed allow for a directory of patients to exist. If a patient wishes not to be part of that directory, he or she must opt out.
I am truly amazed at how many misconceptions there are about HIPAA, especially as most (if not all) facilities/schools require mandatory training as part of orientation and ongoing annually.not.done.yet, it is impossible for the OP to commit a HIPAA violation by talking about what she learned directly from the patient as a visitor. It's gossip, and nothing more. Additionally, "anything that even acknowledges someone is in a medical building cannot be disclosed without their permission" is patently false as well. HIPAA does indeed allow for a directory of patients to exist. If a patient wishes not to be part of that directory, he or she must opt out.
What's worse is how mis-informed the hospitals own administration and management seem to be about it. They are so worried about getting sued and even a rumor of a violation they just act. I was literally sitting there debating the CNO on what was considered a HIPAA violation (and as it's been commented here, when I debate and I know I am not wrong, I don't stop) and when I came back at her to pull up the actual rules regarding it to back my claims is when she then turned it to "well it was still poor judgment" and when I asked what I should have done instead? She had no response.
Lord almighty. Scenarios like yours are what lead me to a) never be friends with coworkers on social media and b) never talk about work or anyone's medical condition on social media and c) keep my social media accounts clean and locked down. I should be shocked at what happened to you, but sadly, I'm not. Glad you stood your ground and got out of it. Shame on them.