Looking up patients on Facebook

Nurses General Nursing

Published

If you're already part of some of the student nursing Facebook groups, you may have seen this going around before it got dirty deleted. I wanted to get some professionals' opinions.

Apparently some nursing students and RNs believe it is okay to look up your patient's Facebook for the sole purpose of curiosity, not for an emergency purpose (IE trying to find a family member to contact, etc.) To me, this is very much a HIPAA violation, even though Facebook is technically public information. What is your thoughts on this?

22 hours ago, aprilmoss said:

I'll have to disagree here. Once you expose a patients name on a computer outside the clinical environment you've likely violated your facility's HIPAA policies. The name of a patient is very much PHI.

How do you figure? If I type “John Smith” into the FB search engine on my home computer there’s a good bet a John Smith is admitted at my hospital who I may or may not have cared for. What if I’m looking up an old high-school friend named John Smith because a patient of the same name reminded me of him? There are probably 100s of John Smiths admitted in the US on any day who have links to my hospital system. Have I now violated HIPAA for each of them? Now if I posted “I took care of a patient named John Smith today and he was a real jerk” that is an entirely different thing. The name has to be linked to information to make it an identifier and PHI. I could stand on my roof and yell “John Smith” and while I’d probably end up on a 5150 hold I am not violating HIPAA in any way. I deal with people’s confusion on this every day when I try to get progress notes or lab values from physician offices for a mutual patient and they deny it because they say an ROI is needed so they don’t violate HIPPA. Information needed for patient care does not require consent.

All that being said, Facebook stalking a patient is a serious boundary issue and, honestly, a little creepy.

3
Up Vote Up Vote ×
Specializes in Clinical Social Worker.

It's really creepy how Facebook algorithms can mess with things in ways you'd never intend.

I currently work as a clinical social worker, and have heard validated stories of colleagues and others in the field who have had Facebook suggest they friend their patients or that their patients be friends with other patients because they both "know" the therapist.

It's dicey and I just wouldn't recommend it.

Having said that, I know that other disciplines have different boundaries than mental health (ie, it's not uncommon for family medicine practitioners to write prescriptions (aka treat) friends or family members whereas in mental health that's just a nonstarter boundary issue/conflict of interest).

I also honestly feel pretty weird about looking patients up on Facebook even in emergency situations to get information they have not disclosed to me. I used to work for a kids' MH crisis outreach service and some of the hospital emergency department practitioners would routinely look up teens' social media to assess for suicidal intent stated there. Whereas I never would, unless the teen invited me to, because I felt like it was a pretty substantial boundary violation without the teen's explicit permission even though it's theoretically "public" when put out on social media.

Up Vote Up Vote ×

In order to be a HIPAA violation, the covered entity's act must involve the patient's PHI. A public profile that anyone can see that is put up voluntarily by that patient does NOT constitute protected health information.

Something can be a bad idea, it can be against facility policy, it can be creepy and stalker-ish. That doesn't mean it is a HIPAA violation.

1
Up Vote Up Vote ×
Specializes in Occupational Health; Adult ICU.

Is this a violation of HIPAA, in a word, “no.” Is it a violation of nursing ethics, yes, no, maybe so. If you work in a dotox place, and someone links your name on FB to person who is a patient, to another person who is trying to discover where person “x” disappeared to, then maybe so. Is it “actionable,” under HIPAA, not likely for the information was put there by the person for all to see. The person can write on FB “I’m in detox at facility x.” That is their right. Is it a violation of your workplace? Probably. Is it creepy… yuh.

For all those who comment that their data is “securely locked down on FB,” gosh, I almost sprayed my monitor with diet coke. There is one single way to lock town one’s data and that is no smartphone and no social media sites such as FB. And no gmail, and no web use without a VPN. Read the fine print, all websites, all social media sites reserve the right to harvest “non-identifiable data,” which is in reality, quite valuable and quite identifiable.

Facebook earned $16.9 billion last year and as far as I know it wasn’t from selling t-shirts. Your data is harvested and sold routinely. If you think that non-identifiable information cannot identify you well, you are probably not alone—but I suggest you read “Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret.” (NY Times) search and you’ll find the article.

NY Times tracked “anonymous cell phone data,” touted to be non-identifiable. The article is excellent. Lisa Magrins’ (a real person) anonymous cell data showed what time she got up, where she worked, the exact classroom she taught in, her gym, her Weight-Watchers visits. All from “non-identifiable anonymous cell phone data.” It’s a really, really creepy article that shows just how “locked-down” one who thinks they are—really aren’t. And, by the way, shutting your phone down doesn’t help, you phone still tattles on you unless you remove the battery. FB is no better, nor is Twitter, they are all in business to sell your data—end of story.

The article is about cell-phone harvested data but consider FB’s $16,900,000,000 in sales—all data sucked from users and sold to, well, who knows who? If you are in FB, if you use Twitter “YOU” are the product.

Back to the OP, we as nurses must respect the privacy on a need-to-know strict basis of anyone we care for. Based upon that concept curiosity use of FB is not right—it’s invasive. We are professionals and we respect other’s privacy—it’s as simple as that.

If links are allowed: https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html?module=inline

If not search N Y Times, “Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret” You will never feel “locked down” again.

4
Up Vote Up Vote ×
2 hours ago, Horseshoe said:

In order to be a HIPAA violation, the covered entity's act must involve the patient's PHI. A public profile that anyone can see that is put up voluntarily by that patient does NOT constitute protected health information.

Something can be a bad idea, it can be against facility policy, it can be creepy and stalker-ish. That doesn't mean it is a HIPAA violation.

I'm not arguing, I entirely agree, but isn't the patients name PHI? And if you only knew that name due to caring for the patient, isn't entering that into a personal item (like phone or PC) a violation? At the very least, yeah, definitely creepy and ethically wrong.

1
Up Vote Up Vote ×
Specializes in Dialysis.
On 4/20/2019 at 7:53 PM, CharleeFoxtrot said:

My profile is locked down tight for that very reason.

So is mine, but every now and then one slips through due to friends of friends, or related

Up Vote Up Vote ×
Specializes in School Nurse.

I'd not do it. I don't know if Facebook could associate me with the patient or not. Even if it wasn't a HIPAA violation, I'd certainly not want it known that I was doing it to my employer. Those are often firing offenses.

Up Vote Up Vote ×
Specializes in Nephrology/Dialysis.

We see our patients frequently in the area I work in and one nurse in particular "friends" patients on Facebook. I think this is a professional boundary issue - these patients then request special treatment. In addition one patient accused this nurse of "smoking a bowl" with him at his house. If that had gotten to the nursing board it could have ended her career or at least gotten her on a diversion list. Not gonna happen to me!!

2
Up Vote Up Vote ×

Do they have time to do that kind of stuff? I am usually busy at the hospital and not having enough time to search them. I do want to know their previous medical history etc prior to admitting them but wow....lol they must be bored

1
Up Vote Up Vote ×
Specializes in ER.

Public information is open to anyone. BUT if you are making healthcare decisions based on that information you need to check it with the patient for accuracy. For example, if I looked up a hinky looking guy as he checked in to the ER and found he had been charged with something ( like drug distribution) I'd fell obligated to ask him about it before assuming he was looking to sell his scripts. I think that would be ethical use of public information.

Up Vote Up Vote ×

Seems pretty odd. Is this for incapacitated patients or something? If its not to benefit the patient in anyway I wouldn't bother.

Up Vote Up Vote ×
Specializes in Specializes in L/D, newborn, GYN, LTC, Dialysis.

It is a violation of boundaries. Professionals do not friend patients or clients on social media for a good reason.

3
Up Vote Up Vote ×
+ Add a Comment