this post was submitted on 11 Sep 2024
641 points (97.3% liked)

InsanePeopleFacebook

2599 readers
211 users here now

Screenshots of people being insane on Facebook. Please censor names/pics of end users in screenshots. Please follow the rules of lemmy.world

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] homesweethomeMrL@lemmy.world 21 points 1 month ago (4 children)

I don’t agree.

Protected Health Information, PHI, includes anything used in a medical context that can identify patients. Although it doesn’t explicitly address personally identifiable information, the HIPAA Security Rule regulates situations like this under the term Protected Health Information (PHI). Some examples of PHI data can include:

  • Name
  • Address
  • Date of birth
  • Credit card number
  • Driver’s license
  • Medical records

None of those were revealed. If some intrepid ambulance chaser wants to argue “i gave your son a sticker” is a “medical record”, go for it. Hell in some Bumblefuck red state county you might get in front of a judge with that. But you will not be making any money off of it, and no serious attorney would waste the court’s time.

[–] ShunkW@lemmy.world 15 points 1 month ago* (last edited 1 month ago) (1 children)

Confirming someone is a patient without consent is a violation.

Edit: but the mom did open the door I suppose so maybe not.

[–] orcrist@lemm.ee 10 points 1 month ago

Right, the medical records were revealed, and probably the name was revealed. This discussion is taking place in context, so if a reader can scroll up and see the kid's name in the previous post, now they know something about what happened to that kid medically on that day at that time at that place.

In these types of situations you have to look at other readily information and use common sense to determine what a reader could find out.

Because there's often extraneous information available to outsiders, any medical employee worth their salt would decline to give any information about any patient without running it through the proper channels to make sure everything is anonymized or a waiver is signed.

[–] Railing5132@lemmy.world 8 points 1 month ago (1 children)
  1. the judge wouldn't be in bumble fuck, TN or anywhere else other than in a civil rights case brought by the department of health and human services in DC. You'd be charged in federal court.
  2. disclosing information that relates to the "a) treatment, b) payment, or c) operations" (not medical procedures, that's under "treatment" - this is things like quality assurance and training) need to have a client authorization for disclosure.

Strictly speaking, this nurse confirmed the identity of a specific individual that received a _specific treatment_ at a specific facility (her employer) to a public forum, all without the authorization of the client. Any compliance office would hang the nurse out to dry, even as a proactive measure, to mitigate a potential unauthorized disclosure claim.

[–] homesweethomeMrL@lemmy.world 0 points 1 month ago (1 children)

I see, i see, a federal case even. Mmm.

So, counselor, what was the specific treatment then?

[–] Bertuccio@lemmy.world 6 points 1 month ago* (last edited 1 month ago)

Laws are generally not stupid enough to allow magic wording loopholes.

If it's obvious that the nurse saying they gave the boy a "brave boy" sticker means the boy got a vaccine, that's the same thing as saying he got a vaccine.

Compare to hypothetical statements like

"I can't say what procedure she got, but she's going to need to keep buying tampons for the next 9 months"

"I can't say what procedure they got, but they'll definitely need to sit to pee from now on."

"I can't say what procedure he got, but keep strong magnets away from his chest."

[–] Alexstarfire@lemmy.world 6 points 1 month ago

I think something most people don't know is that ANY piece of information that can be used to identify a specific patient is a HIPAA violation. What you posted are definitive pieces of information that qualify but it's not limited to those.

I think the replier will have a hard time defending themselves if they are indeed a healthcare employee that has knowledge of the patient. Doesn't specifically say who the patient is but does confirm it's poster's kid. If that's easily identifiable via the same social media platform IDK what they'd hide behind.