Can posting about a friend breach HIPAA?

Had she not consented, then yes, it would be a HIPAA violation. However, you had her consent and as such were within HIPAA guidelines. That being said, that consent was not in writing and you are held to a higher standard now. I would think if she is well enough for visitors she is well enough to pop onto Facebook long enough to post the sentence you wrote.

Remember, anything that even acknowledges someone is in a medical building cannot be disclosed without their permission. It does not have to contain medical information specifically.

Not remotely correct. HIPAA applies to covered entities. The OP, in his/her personal life is neither a covered entity nor working on behalf of any covered entity (nor acting as the covered entity's business associate). The information about the friend also was not gathered as a result of the OP's employment by a covered entity or business associate. In this particular scenario, had the friend not "consented", it ALSO wouldn't be a HIPAA violation but rather a gossip-like disclosure obviously in poor taste.

The fact that so many nurses misunderstand things like HIPAA and EMTALA in and of itself puts others at risk of completely false allegations and raises unnecessary suspicion about personal integrity. We all should know more than the reductive and overly-simplified version of these laws as they are often told to us.

19-Who must comply with HIPAA privacy standards | HHS.gov

Lord almighty. Scenarios like yours are what lead me to a) never be friends with coworkers on social media and b) never talk about work or anyone's medical condition on social media and c) keep my social media accounts clean and locked down. I should be shocked at what happened to you, but sadly, I'm not. Glad you stood your ground and got out of it. Shame on them.

This situation I talked about actually didn't involve social media.

The first scenario did. The first scenario was my neighbor was working on his truck and somehow got his hands stuck in a some fanbelt or something. This was a oil rig guy so a pretty tough guy. Had a few inches of snow outside, I hear my doorbell ring and answer the door and it looks like a murder scene with blood all over the snow! He knows I am an ER nurse, so I get him temporarily bandaged up and drive him to the ER. Get him in the room. I am there strictly as a friend and neighbor. I don't access any records, don't assist with any procedures or skills. He did have a room waiting for him and registration checked him in the room from me calling ahead to tell them I was bringing him in. I had nothing to do with his care. While there him being a who he was, he wanted pictures of his finger and stuff. I took the pictures for him and he asked me to post them on FB and tag him in them. I knew for a fact I was not violating any HIPAA rules or hospital policies. So I did. Because it did look cool. Well a co-worker that did not like me starts tagging my management in the photos. I did not take them down. I untagged my manager (manager wasn't even on my FB so I had to fix my settings) but I was proactive on this situation. When I saw right away people were going to try and play this game. I emailed management and the director of the ER and I told them the situation. Pointed out that no rules were broken or HIPAA violations occurred and that this employee needs to be spoke to for trying to cause problems. Nothing came from that and I think it was because I stopped it right away and made it known I was aware of the rules.

The second scenario that did cause all the hoopla. I was working in the ER. Patient comes in with a dislocated shoulder. Man is slightly intoxicated. He has his daughters or nieces with him and one of the girls recognizes me. She is in my EMT class. She makes small talk. The man is being pretty flirtatious but again he appears a little intoxicated and isn't crossing lines. Now physically I can tell you he probably had some ascites going on. However that is not what he was there for and he had no complaints outside of his shoulder. So while there the girl from my class starts asking could he have problems from drinking and stuff, she says "look how big his belly is can't this be from drinking too much" She starts asking me this in front of him. He laughs it off and says he doesn't have a drinking problem and you can tell he gets annoyed with her and embarrassed as he was trying to flirt with me. He says that his had just gained weight.

So I ask him directly if he has any other complaints outside of the shoulder and he says No. So fix his shoulder and splint him and d/c him. No labs were done, no other work up was done. We focused on the only complaint he had.

The next night in EMT class she came up to me and starts going on and on about how cool it is that I am an ER nurse and she didn't know. It was a co-worker and I in the class. She starts talking about him and is like he is an alcoholic and how worries he is and what not. She then is like didn't you notice how big his stomach was and wouldn't that be from drinking. So I repeat to her; "I couldn't tell you if he has anything going on, you were there, we fixed his shoulder and there were no other complaints. If you're concerned about him drinking you have to talk to him about that" So she says "Can drinking alcohol cause fluid in your belly, (in my head I see what she is doing and there are multiple people there) so I said, alcoholism can cause many different processes and can effect many organs. If you have a genuine interest I can direct you on some good books. My co-worker saves me from the conversation and that was it.

Well about 4 days later I am called into the management office that the man has filed a complaint that his HIPAA rights were violated. States that I told his niece that we had reason to worry he had problems with alcohol and that was why his belly was big and that he needs help. Apparently the niece used his fondness of me to her advantage and thought that if she told him I was the one concerned and suggested this stuff he would be willing to listen.

Thankfully my charting backed up that there was no mention or concern of anything outside of his shoulder. Family was bedside the entire time and patient was OK with that. Witnesses backed up that I never discussed anything with her. (so management tried to then say that I discussed his shoulder, (he allowed them to be present the entire time and all I had said was we took care of the shoulder and he had no other complaints) so I didn't violate anything there either with my simple statement.

In the end it was dismissed as they had no valid case and the patient was forced to let it go. The EMT program dismissed her from the program for her role in all of it. But it was a huge headache and nightmare.

OMG Mi Vida Loca!!! That's NUTS. Whoa. So glad you got out of it and how horrible of her to try to throw you under the bus like that.

The second scenario that did cause all the hoopla. I was working in the ER. Patient comes in with a dislocated shoulder. Man is slightly intoxicated. He has his daughters or nieces with him and one of the girls recognizes me. She is in my EMT class. She makes small talk. The man is being pretty flirtatious but again he appears a little intoxicated and isn't crossing lines. Now physically I can tell you he probably had some ascites going on. However that is not what he was there for and he had no complaints outside of his shoulder. So while there the girl from my class starts asking could he have problems from drinking and stuff, she says "look how big his belly is can't this be from drinking too much" She starts asking me this in front of him. He laughs it off and says he doesn't have a drinking problem and you can tell he gets annoyed with her and embarrassed as he was trying to flirt with me. He says that his had just gained weight.

So I ask him directly if he has any other complaints outside of the shoulder and he says No. So fix his shoulder and splint him and d/c him. No labs were done, no other work up was done. We focused on the only complaint he had.

The next night in EMT class she came up to me and starts going on and on about how cool it is that I am an ER nurse and she didn't know. It was a co-worker and I in the class. She starts talking about him and is like he is an alcoholic and how worries he is and what not. She then is like didn't you notice how big his stomach was and wouldn't that be from drinking. So I repeat to her; "I couldn't tell you if he has anything going on, you were there, we fixed his shoulder and there were no other complaints. If you're concerned about him drinking you have to talk to him about that" So she says "Can drinking alcohol cause fluid in your belly, (in my head I see what she is doing and there are multiple people there) so I said, alcoholism can cause many different processes and can effect many organs. If you have a genuine interest I can direct you on some good books. My co-worker saves me from the conversation and that was it.

Well about 4 days later I am called into the management office that the man has filed a complaint that his HIPAA rights were violated. States that I told his niece that we had reason to worry he had problems with alcohol and that was why his belly was big and that he needs help. Apparently the niece used his fondness of me to her advantage and thought that if she told him I was the one concerned and suggested this stuff he would be willing to listen.

Thankfully my charting backed up that there was no mention or concern of anything outside of his shoulder. Family was bedside the entire time and patient was OK with that. Witnesses backed up that I never discussed anything with her. (so management tried to then say that I discussed his shoulder, (he allowed them to be present the entire time and all I had said was we took care of the shoulder and he had no other complaints) so I didn't violate anything there either with my simple statement.

In the end it was dismissed as they had no valid case and the patient was forced to let it go. The EMT program dismissed her from the program for her role in all of it. But it was a huge headache and nightmare.

Wow! It sounds like that niece was pretty immature.

If we ever get to the point that wishing someone well and sending good wishes is a violation of federal law, this country will officially have gone into the dumpster.

I am truly amazed at how many misconceptions there are about HIPAA, especially as most (if not all) facilities/schools require mandatory training as part of orientation and ongoing annually.

not.done.yet, it is impossible for the OP to commit a HIPAA violation by talking about what she learned directly from the patient as a visitor. It's gossip, and nothing more. Additionally, "anything that even acknowledges someone is in a medical building cannot be disclosed without their permission" is patently false as well. HIPAA does indeed allow for a directory of patients to exist. If a patient wishes not to be part of that directory, he or she must opt out.

Unless it's for psych or drug/alcohol treatment, right? I work in psych, and I follow much stricter confidentiality rules. If someone calls and asks if a patient is admitted, I say nothing unless they have a special code for the patient. Patients must give their loved ones a code to visit, call, anything. Otherwise we do not acknowledge that the patient is even on the unit.

I thought this was mandated by HIPAA. Not that I would not follow it if it wasn't.

It would appear that HIPAA does not specify that psych patients are different (other than special protections for psychotherapy notes), but state mandates and/or hospital policy may be different. Or if I'm reading this wrong, perhaps someone else would have a link that better explains?

Sharing Information Related to Mental Health | HHS.gov

There is also nothing specific to psych patients here, either:

Summary of the HIPAA Privacy Rule | HHS.gov

From my understanding and experience it's more of the individual policies that have specifics in place for these specialized areas. Not that it's from the HIPAA laws themselves.

For example, 6 months before my brother committed suicide he was IVC'ed (not sure what they call it other places) he had his guns taken away and was released after 72 hrs. He got his guns back 6 months later and 3 days after that he took his life. Obviously my dad was extremely upset that we had no idea he had ever been involuntary committed and it was told to him that it was privacy laws for psych issues but it would have fallen under the general HIPAA rules regardless.

That's how I always understood it. The mental health facility here for children does have policies in place where there is a PIN that has to be set up to verify anything and in the hospital mental health patients, but also employees and various other "specialty" patients can request an extra protection placed on their chart for confidentiality where anyone accessing their chart has to "break the glass" to view it. This again isn't mandatory because of HIPAA but extra safeguards in place from the facilities.

Exactly . They are a lot of snakes in the nursing field. They would be the ones to try to get her in trouble

HIPPA Violation and your action falls outside of TRB and the information belongs to the facility not for you to go looking on this information. Patient themselves need to sign a release for their own information to be released generally..... HIPPA violation YES