So, looking up a patient on the internet is not a breach of PHI. HIPAA was designed to preserve patient privacy by limiting the use and disclosure of PHI, therefore requiring providers to maintain confidentiality. Public online searches, on the other hand, are not restricted by HIPAA restrictions.
HIPAA does not prohibit you from researching your patients. Rather of submitting a patient's information online, you are serving as an observer of information. Despite the fact that conducting some web research on your patients' backgrounds is not strictly unlawful, it should not be taken lightly. If you collect personal information about individuals who cannot control how it is used or disclosed, then you have committed a breach of privacy.
There are three types of laws that apply to health care providers: state law, federal law, and hospital policy. State laws vary when it comes to privacy rights of patients. Some states have no specific patient privacy laws, while others have very strict data protection legislation. Federal laws include the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA). These laws provide strong privacy protections for medical records, but they do not cover all health care facilities. Hospital policies vary by hospital but usually do not exceed federal or state law. For example, a hospital may allow staff members to conduct limited searches of patients' electronic medical records without their consent if the purpose is to protect health or safety. The hospital would likely use its best judgment in allowing or denying such requests.
Federal law provides certain exceptions for disclosures of medical information.
It is against the law for health care practitioners to share patients' treatment information without their authorization, according to the federal statute known as HIPAA. However, this does not apply to employees of health care providers who are given authority by their employers to release medical information.
HIPAA was enacted in 1996 to protect the privacy of patient medical records. Before this law was passed, hospitals had no problem disclosing your medical history to other doctors who were going to treat you. Even if you did not want them to do so, they could simply tell all these other doctors that you had some serious illness and therefore needed more careful attention while you were under their care.
The main goal of HIPAA is to prevent health care professionals from spreading information about your visits to doctors and nurses across different institutions. Some examples of such information include your name, address, phone number, and medical records.
Also, under HIPAA, you have the right to request that any person who has access to your health information not disclose it to others.
The information a physician might discover from a simple Google search or scan of the patient's social media profiles is not private; rather, it is publicly accessible to anybody. As a result, there is no breach of confidentiality. Social media searching does not violate medical ethics.
Health care professionals are required by HIPAA privacy requirements to preserve patient confidentiality and health data. In terms of social media, this implies that nurses are not permitted to post patient-identifiable information. Many health organizations likewise restrict nurses from "friending" or engaging with patients on social media. However these policies are typically limited to professional conduct and should not prevent nurses from posting relevant health information.
Nurses can share health updates through their own personal pages as long as they aren't posting identifiable information about patients. Nurses should also be aware that any photos or videos taken during patient visits may contain patient identifiers in background scenes that would not have been visible to the public in 2009 but which could be discovered using modern image recognition software. As such, nurses should take appropriate steps to protect patient privacy when posting photos or videos on social media.
Furthermore, nurses should be aware that some hospitals limit the number of friends users can have on Facebook. For example, some hospitals limit users to 250 friends or acquaintances. If this policy is enforced, nurses should not add patients as friends on Facebook. Users can comment on posts instead.
Finally, nurses should be aware that some patients may feel uncomfortable with their nurse's ability to communicate directly with others outside of the hospital environment. As such, employers should ensure that nurses are clear on their employer's social media policies before they start blogging or tweeting as employees.
It is generally prohibited for health care practitioners to disclose a person's medical condition, but it is not illegal for others to do so. However, if a person suffers injury as a result of having private medical information broadcast online, this might be considered a violation of the law.
The Health Insurance Portability and Accountability Act (HIPAA) makes it unlawful for any party, including without limitation physicians, hospitals, insurance companies, and other health care providers, to disclose any personal medical information about you. This includes information such as your diagnoses, treatments, prescriptions, and payments. Failure to comply with HIPAA can result in severe penalties, including fines and imprisonment.