tag:blogger.com,1999:blog-1818870274401603400.post6326974098991091835..comments2018-11-15T02:47:54.986-05:00Comments on A Change of Heart: HIPAA, Heart Disease and TMILaurahttp://www.blogger.com/profile/12415155948577364954noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-1818870274401603400.post-42737241754273949462011-11-03T20:56:04.738-04:002011-11-03T20:56:04.738-04:00Thank you David, it was great to meet you, too!
A...Thank you David, it was great to meet you, too!<br /><br />And thank you so much for the clear explanation of HIPAA (dangit, just typed it as HIPPA again, now you know why I put an image of hippos in the post).<br /><br />I spent some time wandering through the HIPAA FAQs but couldn't find what I was looking for, so I appreciate you breaking it down for me. And thank you for doing it without making me feel stupid. No, really -- explaining stuff like this without coming across as condescending is a talent, one that not a lot of people have.<br /><br />So, yes. Very much appreciated. I hope our paths cross again IRL sometime; otherwise, I'll see you on Twitter, etc. :)Laurahttps://www.blogger.com/profile/12415155948577364954noreply@blogger.comtag:blogger.com,1999:blog-1818870274401603400.post-66145084566042453532011-11-03T16:25:09.992-04:002011-11-03T16:25:09.992-04:00Laura --
Nice to meet you IRL @ Mayo.
The short ...Laura --<br /><br />Nice to meet you IRL @ Mayo.<br /><br />The short answer is that the actions you described do not violate HIPAA. You are not covered by HIPAA in this circumstance.<br /><br />A lot of folks don't understand HIPAA, and it's cited as the basis for a lot of stuff ... it's often a convenient excuse for not doing stuff people don't want to do.<br /><br />A good resource on HIPAA may be found on the website of the US Dept of Health and Human Services, Office of Civil Rights, which enforces these regs. I recommend starting here: For Consumers – http://bit.ly/twBmAu<br /><br />OK, here's the longer answer:<br /><br />HIPAA requires that "covered entities" (CEs)- i.e., providers, payors, or health care [claims adjudication and payment] clearinghouses - not release "protected health information" (PHI) of individual patients to anyone, unless it's to other CEs for "treatment, payment or operations" (TPO) or to CEs' "business associates" (BAs) for TPO - and BAs don't get the PHI unless they've signed a "business associate agreement" (BAA) which imposes all the same obligations that are imposed on CEs by the regs directly. (BAs need to enter into BAAs with their subcontractors, too.) Every CE needs to give a notice of privacy practices (NPP) to patients up front, detailing how they use and share PHI in accordance with the regs.<br /><br />At #mayoragan, one situation that was discussed was the case of a nurse posting on Facebook "please pray for Timmy" or something like that, where Timmy is the newborn son of a co-worker who is a patient in her employer hospital's NICU. If she posts on her own Facebook, and her profile identifies her as an employee of the hospital, that's a potential problem for the hospital (her actions as an employee could be imputed to the hospital) and it's a potential problem for her as a licensed health care professional (she just posted PHI about a patient; further potential point of distinction: is she a nurse on the NICU? Is Timmy her patient?). If her personal Facebook does not in any way identify here as a hospital employee, then it's just a question of whether she has her friend's consent to share this information -- same as if she were sharing that information by telephone or in person with a friend, same as if she were not a nurse in the hospital or in the NICU. Now, if she posts on the hospital's Facebook page, this becomes a potential liability for the hospital, too. That's why hospitals should moderate, or scrub daily, their social media properties in accordance with posted policies and procedures/terms of use.<br /><br />Hope that's not too much information (or TMI, to finish up the alphabet soup of acronyms here), but since this seems to be a consistently recurring sort of question, I thought it would be worth addressing here.<br /><br />Bottom line, as peer-to-peer health advocates, you are not governed by HIPAA. If you step into another role, or inhabit more than one role simultaneously, and are a CE or have a closer connection to a CE (e.g. a peer health advocate network operating under the aegis of a health care provider network), then the answer may change.<br /><br />Keep on keepin' on.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1818870274401603400.post-18306789559373540232011-11-03T14:28:48.658-04:002011-11-03T14:28:48.658-04:00That's what I thought, too, until several side...That's what I thought, too, until several side-conversations at Mayo the other week along the lines of, "Oh I busted my knee the other week--see, that's disclosing your own information. Versus, Frank broke his arm last night--that's disclosing someone else's confidential health information." <br /><br />And as peer-to-peer patient advocates, what, exactly, are we? Are we just friends, talking in an electronic living room? Are we some form of health education providers?Laurahttps://www.blogger.com/profile/12415155948577364954noreply@blogger.comtag:blogger.com,1999:blog-1818870274401603400.post-84215020602076385992011-11-03T13:15:05.489-04:002011-11-03T13:15:05.489-04:00I've always thought it applied to health care ...I've always thought it applied to health care professionals.Glennishttps://www.blogger.com/profile/07157321723496562484noreply@blogger.com