HIPAA Violation???

Published

On another site I sometimes post on, an employee at a nursing home has posted a message requesting cards for one of the nursing home's resident's 100th birthday. She posted the name and address and indirectly posted the resident's age and birthdate. Someone else, rather rudely, but possibly correctly, posted that this is a HIPAA violation.

I'm not really sure. I am our fire department's HIPAA Officer, so I try to keep up on things, but if I had to make a call on this one, I would have to call our attorney...and he would probably have to call a HIPAA expert...LOL.

What do you think???

Up Vote Up Vote ×
Specializes in Maternal - Child Health.

She may have the resident's or family's permission, in which case this would not be a violation.

Up Vote Up Vote ×

But if not and the right (wrong) person saw the post, I think she could be in trouble. It's sad because I don't believe for a second that there was any harm meant (or done).

Up Vote Up Vote ×
Specializes in ICU/ER.

When I am 100 by all mean violate me with birthday cards!!!

Sure technically it probably is a H Violation, but good lord...the violated is celebrating thier 100th birthday and is getting birthday cards...really what harm is there in that request?

Up Vote Up Vote ×
Specializes in Med/Surg, Home Health.

I would never have posted all that information, for my own protection. Im sure she meant well though. Im always scared to say anything, fearing I could get in trouble for HIPAA violation. Hopefully nothing but alot of cards will come of the post.

Up Vote Up Vote ×

This is one of the ways we may end up "protecting" ourselves into sterile plastic cubicles where, in the name of staying "safe," we cut off every last speck of human interaction.

I hope kindness--and common sense--prevail in this case.

Up Vote Up Vote ×
This is one of the ways we may end up "protecting" ourselves into sterile plastic cubicles where, in the name of staying "safe," we cut off every last speck of human interaction.

I hope kindness--and common sense--prevail in this case.

Excellent point...I hope she doesn't get in trouble for posting the request. I know she was only trying to make this lady's special day even better. It is one of the many ways that HIPAA really didn't make things better.

Up Vote Up Vote ×

I work for an insurance company and we have had HIPAA training inside and out and yes, posting the woman's name, birthday AND address is a HUGE HIPAA violation since she is an employee at the nursing home this resident lives at.

Unless the resident had given written permission for this info to be posted, the person who posted it (without malice I am sure) could be in huge trouble. At the facilities in CT that I have been to, all residents have to sign a paper upon admission giving or not giving permission to post their birthdays on the bulletin boards, permission to let callers know of their residence there, etc.

Think about it, how much damage a ID thief could do with just that bit of info..would you want your name, birthdate and address posted on a website for anyone to see?

I understand that she probably did this in good faith, but to answer the question, yup big ol fat HIPAA violation.

Up Vote Up Vote ×
Specializes in Informatics, Education, and Oncology.

It would be a HIPAA violation unless the PI (Patient Information) is being used for or in the process of "the delivery of treatment, payment or for operations" purposes.

and it is a violation as the information posted does identify this patient - - name, date of birth, address, social security, etc.

On another site I sometimes post on, an employee at a nursing home has posted a message requesting cards for one of the nursing home's resident's 100th birthday. She posted the name and address and indirectly posted the resident's age and birthdate. Someone else, rather rudely, but possibly correctly, posted that this is a HIPAA violation.

I'm not really sure. I am our fire department's HIPAA Officer, so I try to keep up on things, but if I had to make a call on this one, I would have to call our attorney...and he would probably have to call a HIPAA expert...LOL.

What do you think???

Up Vote Up Vote ×
Specializes in A little of this & a little of that.

HIPAA no longer requires written consent. In fact, lack of objection can now be construed as consent. (read latest HIPAA updates). As long as the patient and/or family agreed to this there is no violation. Also name and address are publicly available info and since the facility is the patient's home it's not really PHI, just demographics. In the case of 100th birthdays, these are often publicized and as long as the patient has no objection, there should be no problem.

Obviously, SS#, dx, meds etc are always PHI, no matter what the setting.

Up Vote Up Vote ×

If there's a public celebration planned, there should be no problem.

And if this person's identity is stolen, I suspect a 100 year old person is not going to be entering the credit market. ;)

Up Vote Up Vote ×
Specializes in Ante-Intra-Postpartum, Post Gyne.

Isn't there an automatic violation because of the age. When we did care plans/ clinical write ups, we were not allowed to give the age of any client over 80 (just put over 80) even though we did not give names (we made up names) because some one could figure out who the person is by the condition and because not many people live past 80..

Up Vote Up Vote ×
+ Join the Discussion