Yesterday, I and another heart disease advocate worked all day at at table for WomenHeart, handing out information on women's heart health. My friend and I are both heart disease survivors.
At one point, a woman came up to our table and started telling me her story of postpartum cardiomyopathy. I said to her, "You really need to talk with _______," my fellow patient here; she's had post-partum cardiomyopathy, too."
My friend wrapped up the conversation she was having with another visitor, and I put the two of them together. I stood back and watched while they traded stories, exchanged contact information, and made a real connection with each other, since they had a shared diagnosis.
As our newest heart-sister walked away after hugging my friend, she said how great it was to be able to talk to someone else who'd been through the same thing.
Did I break a HIPAA rule by telling this new lady about my friend's diagnosis?
I don't know, but what happened yesterday wasn't unusual, at least in the patient communities that I participate in.
As longtime readers know, my own diagnosis is idiopathic SCAD (spontaneous coronary artery dissection), my right coronary artery repaired with six overlapping drug-eluting stents (DES). If you're curious, I can even tell you the make and model of these tiny bits of metal in my body -- Xience V, by Abbott Labs.
No one knows what causes SCADs, and there's no standard treatment. Some people who have dissections have a connective tissue disorder, some women are pregnant or have just given birth, and others, like me, just have them for no reason that we know of--that's the idiopathic category. As for treatment: some people get stents, some have bypass surgery, some are medically managed, and some get no fix (aka, the "watchful waiting" strategy).
When a new person shows up on the heart disease message board, sometimes one of us will say, "Oh, so-and-so has the same thing," same diagnosis, same treatment, same experience with side effects, whatever.
And we don't think anything of it; what we're doing, in our eyes, is accurately connecting patients with other patients who have something in common. Especially when we know that the one we're referring to may not check the message board very frequently anymore, we'll send an email: "So-and-so is new, has diagnosis/treatment X, and I know she'd like to hear from someone else in the same situation."
At Mayo's Social Media Summit a couple of weeks ago, there was a lot of discussion around HIPAA, patient disclosure, privacy, and keeping control of privileged health information. Which has me wondering, have we been inadvertently violating the law all this time and didn't realize it?
If so, how can we continue to support each other, while staying on the right side of HIPAA? Is HIPAA even concerned with patient-to-patient sharing, like we've been doing?
I honestly don't know. I'm freely admitting my ignorance on the subject and would love to hear various perspectives on the subject.