HIPAA isn't necessarily just posting name, MRN and/or SSN. A HIPAA violation can occur if you share enough of ANY information about a patient, that someone could use it to identify said patient. And not knowing exactly what you posted as you didn't share it, it could be very possible that you DID violate HIPAA with your post.
If you had a case--and IMO, you don't--it would be a very poor one. HIPAA and patient privacy is part of almost any nursing school curriculum, both in the classroom and clinical settings. Plus, almost every hospital on the face of this earth gives their hires both initial and annual training in privacy laws. I don't work at your facility, but I find it incredibly hard to believe that you didn't receive any
privacy training. Perhaps they may not have had the list "18 specific HIPAA identifiers", but you WOULD have had an understanding of what HIPAA is and what you can and can't share.
I don't believe you had bad intentions...unfortunately, lack of ill intent doesn't mean you get off the legal hook. And to fight by insisting that you know nothing about HIPAA would make you look even worse, especially since this is something that you (should) have learned both in school and new hire training. They may start to see you as a liability, especially since those HIPAA fines can be in the hundreds of thousands of dollars.
IMO, I'd tell them mea culpa
, cheerfully complete any remedial training they may require, and promise them you will never make this mistake again. It could have been worse: you could have been fired and/or reported and face paying fines.
If you are insistent on claiming that they really
didn't train you...well, you may want to rethink employment there, as the government will not buy the "but the hospital never trained me!" excuse. Don't think it's just hospitals that violate and get fined for violating HIPAA: individuals can
been fined for violating privacy laws. And the hospital certainly won't lift a finger to save you if that happens...they'd cut their losses (read: you) and focus on saving themselves.
But again, almost no hospital would neglect to train their employees in patient privacy laws. Not when possibly having to pay fines--and taking hits to their reputation--is on the line.
All the HIPAA info you could want is here: Health Information Privacy | HHS.gov
And take some time to rethink your social media habits. Remember the Internet is forever: once you post something, that post is out of your control. Even if you delete it right away, whose to say that someone didn't copy it/forward it/screen shot it?
Sorry if this isn't what you wanted to hear. Best of luck in sorting this out.