I have a friend on Facebook who works (not a nurse, but works at the desk) in the ER at a hospital in my area. She sometimes posts things on facebook that happen at work in the ER. Recently, I saw that she made a post about the shift she was working, the department she works in(ER), what her job is(checking pts in). It does say on her FB page which hospital she works in, but that info was not in the actual post I am referring to. So in this specific post, she wrote about something that happened that night in the ER. She was saying that a lady and child came in to the ER and she checked them in, the child was acting like she was abused she could tell by her body language. She wrote a long post about this an that CPS was called (not sure if the hospital called or she did on her own), an that she hopes the lady rots in h***. Anyway, she did not write any of their names or anything, but just told the story about what happened. Is that a HIPPA violation? I have just started nursing school and am really curious about this. I know I personally would NOT post that type of info, but still would like other input.
Something tells me that the definition of HIPAA violation needs some adjustment, to include social network sites, and with regards to the users employer being visible, thus leading readers to put 2 and 2 together in identifying people.
I've seen friends of mine refer to Pts as room #s. If I know where they work, I can easily figure out who the Pt is.
It's not a HIPAA violation, because the patient isn't identified. I believe HIPAA violations happen when the patient is identified. That's why case studies can have patient initials in journals. Additionally, for it to be a HIPAA violation, there has to be Protected Health Information (PHI) associated with the name. Just being in the ER doesn't count. That information isn't protected HEALTH information. And a "diagnosis" made by a person unqualified to make that diagnosis isn't PHI either. Just looking abused isn't a diagnosis.
Forget about HIPAA, and even forget about the hospital's own HR policies. What about the fact that she is stealing her employer's time on FB during paid work hours? That issue doesn't even seem to be on the radar screen anymore!
But yes, I do think the privacy (and even potentially HIPAA) considerations are real in this case. And to the MYOB comment... The ANA code of ethics would be violated if the OP just "minded her own business." We take an oath to advocate for our patients and to do what is in our power to keep them from being harmed or abused. Failing to do something about a privacy breach goes against our code, and it also likely goes against the hospital HR policy that the OP is employed under.
We were taught that ANY info which could identify a person is a HIPAA violation. If she said anything that would identify the mother or child to someone else (just mentioning the fact that she came into the ER that night could do it), then it's potentially a violation. And besides that, it's very unprofessional.
She needs to mix up the details of the encounters and keep her name and hospital anonymous. Like so many others this is going to catch up with her and make her unemployable by the institutions that find her site.
Forget about HIPAA, and even forget about the hospital's own HR policies. What about the fact that she is stealing her employer's time on FB during paid work hours? That issue doesn't even seem to be on the radar screen anymore!
But yes, I do think the privacy (and even potentially HIPAA) considerations are real in this case. And to the MYOB comment... The ANA code of ethics would be violated if the OP just "minded her own business." We take an oath to advocate for our patients and to do what is in our power to keep them from being harmed or abused. Failing to do something about a privacy breach goes against our code, and it also likely goes against the hospital HR policy that the OP is employed under.
I didn't get that impression from the OP. The person in question could easily have gotten home from said shift and made the post....it wasn't necessarily made from/at work.
The ANA code of ethics would be violated if the OP just "minded her own business." We take an oath to advocate for our patients and to do what is in our power to keep them from being harmed or abused. Failing to do something about a privacy breach goes against our code, and it also likely goes against the hospital HR policy that the OP is employed under.
It's great to want to look out for your patients, but that doesn't really apply in this case.
The OP says she knows this person only through Facebook. She has no connection to the patients. She is not an employee of the hospital, nor is she yet a nurse.
studentCL2009 can certainly encourage this "friend" to stop engaging in such inappropriate behavior and suggest she purge her page of indiscreet references, but she is under no obligation to report her to anyone based on second-hand information about a situation with which she has had no direct contact.
For all she knows, this girl could be making things up because she's bored.
Thank you all for the comments. This is very interesting.
Also, just to be clear, I do not work with this person. I am friends with her on facebook but do not actually work with her. I also cannot say that she was posting while she was at work. She may have been on facebook after work....I just don't know that.
I am a nursing student and had my first clinical last week. We did an orientation and talked a lot about HIPPA and HITECH. They were telling us that we are not allowed to take photos and if we posted on FB a picture of a patient's wound it would be a violation, even if that patient's face was not in the photo. They told us that if we were in the cafeteria and were taking pictures with our nursing school friends, and a patient's mom or someone was in the picture in the background, that would be a violation as well. I was pretty shocked to see this person posting that information on FB.
Forget about HIPAA, and even forget about the hospital's own HR policies. What about the fact that she is stealing her employer's time on FB during paid work hours? That issue doesn't even seem to be on the radar screen anymore!
But yes, I do think the privacy (and even potentially HIPAA) considerations are real in this case. And to the MYOB comment... The ANA code of ethics would be violated if the OP just "minded her own business." We take an oath to advocate for our patients and to do what is in our power to keep them from being harmed or abused. Failing to do something about a privacy breach goes against our code, and it also likely goes against the hospital HR policy that the OP is employed under.
We don't take an oath..... There may be a code of ethics, but no oath.
Oh, I must further add that if somehow this FB post actually did actually get recognized by someone who might know the woman and child described and rumors start flying about this woman, she may NOT seek further treatment for her child, abuse or not. Ultimately, the child is hurt in the end.
Perhaps you can talk to your co-worker and propose this scenario to him/her to offer a different point of view in how seemingly innocent posts can cause a great deal of harm.
The friend who wrote the post actually said that when they (doctor or nurse, not sure) were assessing her, the mom freaked out and took the daughter out of the ER. So, she (the child) did not get whatever treatment she needed.
Forget about HIPAA, and even forget about the hospital's own HR policies. What about the fact that she is stealing her employer's time on FB during paid work hours? That issue doesn't even seem to be on the radar screen anymore!
I don't care b/c I am not this individuals supervisor or coworker. There isn't anything the OP can do about it anyway. What is she supposed to do, call the hospital and tell someone "hey, your employees are on facebook during work time-DO SOMETHING!"
But yes, I do think the privacy (and even potentially HIPAA) considerations are real in this case. And to the MYOB comment... The ANA code of ethics would be violated if the OP just "minded her own business." We take an oath to advocate for our patients and to do what is in our power to keep them from being harmed or abused. Failing to do something about a privacy breach goes against our code, and it also likely goes against the hospital HR policy that the OP is employed under.
Of course it is bad judgement, that goes without saying. The question was, does it directly violate the HIPAA statue. The feedback is pretty consistent, "NO." And yes, everybody needs to shut the heck up and mind their own business a lot more often. This constant wondering if someone should turn in a coworker for some infraction is ridiculous. Unless there is some egregious safety issue that you witness directly (not just read about on facebook, lol) , worry about your own performance and stop paying attention to what other people are doing. Frankly, it just makes the "whistle blower" look like an idiot most of the time (at best, someone who is not a team player) , since 99% of the time it is about nonsense and rumors. My code of ethics doesn't say squat about monitoring other people's facebook pages and being on alert for any evidence of bad judgement. It's a good thing tot, because I have neither the interest or the stomach for it! It's nonsense. It's childish. It's beneath me. YMMV, lol.
There may be a code of ethics, but no oath.
ReinventingMyselfAgain, MSN, RN
1,953 Posts
Something tells me that the definition of HIPAA violation needs some adjustment, to include social network sites, and with regards to the users employer being visible, thus leading readers to put 2 and 2 together in identifying people.
I've seen friends of mine refer to Pts as room #s. If I know where they work, I can easily figure out who the Pt is.