Good points, I absolutely will not correct the other moving forward. The intention of the original communication with the "other" nurse was to ensure that was an understanding that there was not a legal transfer of care.
Yes the HIPAA is less likely to be acted upon, but despite the common place activities you refer to above, in a technical sense, and legal relies on the black and white nature of technicalities, HIPAA is being violated here. If the care provider who discharged the patient called and did a DOC-2-DOC, then no there would not be a violation as this is covered under PHI as permitted uses and disclosures, but between two nurses this is not appropriate or permitted
"Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another.".
Refer here Summary of the HIPAA Privacy Rule | HHS.gov
As common place as it may be, violations do occur and HIPAA is not a "in the spirit of" it has rigid definitions in order to protect the publics PRIVATE information. The reality is that I, the nurse, do not have a need to know until the patient walks through the door to seek care, unless a health care provider has done a consultation before hand, which did not happen in my scenario.
According to Health and Human Services:
Protected Health Information.
The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."12
"Individually identifiable health information" is information, including demographic data, that relates to:
• the individual's past, present or future physical or mental health or condition,
• the provision of health care to the individual, or
• the past, present, or future payment for the provision of health care to the individual,
Permitted Uses and Disclosures
Permitted Uses and Disclosures. A covered entity is permitted, but not required, to use and disclose protected health information, without an individual's authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) Opportunity to Agree or Object; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities; and (6) Limited Data Set for the purposes of research, public health or health care operations.18 Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make.
(1) To the Individual. A covered entity may disclose protected health information to the individual who is the subject of the information.
(2) Treatment, Payment, Health Care Operations. A covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities.19 A covered entity also may disclose protected health information for the treatment activities of any health care provider, the payment activities of another covered entity and of any health care provider, or the health care operations of another covered entity involving either quality or competency assurance activities or fraud and abuse detection and compliance activities, if both covered entities have or had a relationship with the individual and the protected health information pertains to the relationship. See additional guidance on *Treatment, Payment, & Health Care Operations.
is the provision, coordination, or management of health care and related services for an individual by one or more health care providers
(this is not referring to RNs as we are not providers), including consultation between providers regarding a patient and referral of a patient by one provider to another