HIPAA Violation???

She may have the resident's or family's permission, in which case this would not be a violation.

But if not and the right (wrong) person saw the post, I think she could be in trouble. It's sad because I don't believe for a second that there was any harm meant (or done).

When I am 100 by all mean violate me with birthday cards!!!

Sure technically it probably is a H Violation, but good lord...the violated is celebrating thier 100th birthday and is getting birthday cards...really what harm is there in that request?

I would never have posted all that information, for my own protection. Im sure she meant well though. Im always scared to say anything, fearing I could get in trouble for HIPAA violation. Hopefully nothing but alot of cards will come of the post.

This is one of the ways we may end up "protecting" ourselves into sterile plastic cubicles where, in the name of staying "safe," we cut off every last speck of human interaction.

I hope kindness--and common sense--prevail in this case.

This is one of the ways we may end up "protecting" ourselves into sterile plastic cubicles where, in the name of staying "safe," we cut off every last speck of human interaction.

I hope kindness--and common sense--prevail in this case.

Excellent point...I hope she doesn't get in trouble for posting the request. I know she was only trying to make this lady's special day even better. It is one of the many ways that HIPAA really didn't make things better.

I work for an insurance company and we have had HIPAA training inside and out and yes, posting the woman's name, birthday AND address is a HUGE HIPAA violation since she is an employee at the nursing home this resident lives at.

Unless the resident had given written permission for this info to be posted, the person who posted it (without malice I am sure) could be in huge trouble. At the facilities in CT that I have been to, all residents have to sign a paper upon admission giving or not giving permission to post their birthdays on the bulletin boards, permission to let callers know of their residence there, etc.

Think about it, how much damage a ID thief could do with just that bit of info..would you want your name, birthdate and address posted on a website for anyone to see?

I understand that she probably did this in good faith, but to answer the question, yup big ol fat HIPAA violation.

It would be a HIPAA violation unless the PI (Patient Information) is being used for or in the process of "the delivery of treatment, payment or for operations" purposes.

and it is a violation as the information posted does identify this patient - - name, date of birth, address, social security, etc.

On another site I sometimes post on, an employee at a nursing home has posted a message requesting cards for one of the nursing home's resident's 100th birthday. She posted the name and address and indirectly posted the resident's age and birthdate. Someone else, rather rudely, but possibly correctly, posted that this is a HIPAA violation.

I'm not really sure. I am our fire department's HIPAA Officer, so I try to keep up on things, but if I had to make a call on this one, I would have to call our attorney...and he would probably have to call a HIPAA expert...LOL.

What do you think???

HIPAA no longer requires written consent. In fact, lack of objection can now be construed as consent. (read latest HIPAA updates). As long as the patient and/or family agreed to this there is no violation. Also name and address are publicly available info and since the facility is the patient's home it's not really PHI, just demographics. In the case of 100th birthdays, these are often publicized and as long as the patient has no objection, there should be no problem.

Obviously, SS#, dx, meds etc are always PHI, no matter what the setting.

If there's a public celebration planned, there should be no problem.

And if this person's identity is stolen, I suspect a 100 year old person is not going to be entering the credit market.

Isn't there an automatic violation because of the age. When we did care plans/ clinical write ups, we were not allowed to give the age of any client over 80 (just put over 80) even though we did not give names (we made up names) because some one could figure out who the person is by the condition and because not many people live past 80..

I don't know if age is considered protected health information.

http://www.hhs.gov/ocr/AdminSimpRegText.pdf

"Health information means any information, whether oral or recorded in any form or medium, that:

(1)

Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

(2)

Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual."