Skip to content
View in the app

A better way to browse. Learn more.
allnurses

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Discussion

Why isn't this a HIPAA issue?

I'm a new grad, so I'm sure there is a reason why this isn't considered a HIPAA violation, since I assume a hospital has a better sense of HIPAA than a new grad. Let me explain:

I'm looking at a hospital website, and they have a link "email a patient." It's a form where you fill in the patient's name and your name, and then you can send a message. The page says that a volunteer will deliver the message for you.

Now, my first thought is: wouldn't this let someone determine if a person is hospitalized or not? Like, you're suspicious that your co-worker or ex or whoever is in the hospital, so you put their name in to send them a little "get-well" note...

I'm guessing that bcs it's not actually med info, it's ok? But I thought that even confirming someone is a patient at a particular location was a HIPPA risk.

  • Quote

    • Featured Replies

    HIPAA doesn't prohibit, and actually specifically allows, hospitals to acknowledge when someone is admitted to their hospital, unless the patient is a "do not announce" due to patient request or policy (mental health admit, suicide, OD, etc).

  • Quote
    • Author

    Fabulous. I figured it had to be something like that. I just have all those Kaplan rationalizations still swimming in my head, where an answer would be wrong bcs "It acknowledges that the client is a patient at the hospital."

    Thank you!

  • Quote

    How would it do that? If the patient is not in the hospital, the info on the online form would be discarded, and how would you know that had occurred? Come to that, how would you even know if your message had been delivered by the volunteer?

    You're not sending an email to a patient, you're filling out an online form. You can't use readnotify.com or other such service to confirm delivery of the email, because, again, you are not sending an email. So even if HIPAA doesn't care (and they don't, though hospitals may have policy on whom to exclude from their published lists) theres still no way to confirm or deny presence of a patient via this system. Sounds like risk mgmt worked with IT to set it up that way.

  • Quote

    If you're sending an email to a patient on a hospital's website, presumably you already know that the patient is in this hospital. It's not even close to a HIPAA violation to provide an avenue for people to communicate with patients. You have to fill out the patient's name, it's not like it's a drop down list where you see that Mary Smith is in room 402 and think "Oh, I know Mary, I didn't know she was in the hospital, let me send her a letter." The hospital isn't providing you with any information, this is no more a violation than it would be for you to mail a card to the hospital addressed to Mary Smith.

  • Quote

    What Kel said.... also, if a patient is admitted to the hospital and wishes that no one know they are there - they should be given the option to completely "opt out" of the system. When a patient opts out at my facility, if someone were to come ot the desk and ask for room information for XYZ, they would have no record of that patient being admitted. I would assume it would be the same type of thing with an email.

  • Quote
    • Experts

    If the website just accepts messages for patients without verifying if someone is indeed a patient, then there's no HIPAA violation.

  • Quote

    • Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Add a Comment
    Go to topic listing

    Currently Reading 0

    • No registered users viewing this page.

    Account

    Navigation

    Search

    Search

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.