I wrote an article several years ago on the subject of confidentiality in nursing. It has since disappeared from the site I wrote it for. It deserves updating now as it continues to be a big part of medical ethics. Technology continues to change our lives and social media and confidentiality do not mix well. Younger nurses who have grown up in the era of social media and sharing everything may have a hard time understanding confidentiality issues.
Confidentiality has morphed with the HIPAA laws. HIPAA is the Health Insurance Portability and Accountability Act of 1996 which was first designed to allow employees to keep and carry their health insurance coverage from one employer to another. In the process, privacy laws had to be built into the act to protect employee’s rights and privacy from becoming available to their employer. For instance an employer might find a way to not hire a person if they discovered he or she had cancer or some chronic disease.
For all health care providers, the HIPAA act demands full confidentiality and protection of every patient’s privacy. It’s not just nurses and doctors. It’s everyone working in health care who cannot share patient information. A need-to-know basis is implicit to the plan. There was an episode several years back in which Brittney Spears was hospitalized and several employees were fired for looking at her information on the hospital computer. They weren’t involved in her direct care and had no need-to-know, and so it was a violation of her privacy rights as well as hospital rules under the HIPAA law. Other cases have involved an unusual health even such as shark attacks, or impalement injuries.
Whether or not you share any of the information or just look at it for your own curiosity, if you’re not involved in the direct care and need-to-know, then you’re in violation of HIPAA.
We have all probably worked in situations where we have had patients who are celebrities or well-known community members in the crosshairs of our hospitals, clinics or medical offices, or have provided care in their homes or other places of residence.
I could tell you about many I have encountered in my career, but you have no need-to-know, so I cannot. If I had their permission to share certain information that would be a whole different ball game. On the other hand, if I changed up some of the identifying details or managed to make sure you couldn’t figure out who I was talking about, I could tell you some information that might be relevant such as how to deal with entitled or highly unhappy patients or family members. That seems to be a common theme with some of the rich and famous. But otherwise, I have to take these secrets to my grave.
Along came social media and everyone is sharing every little detail about their lives. But the HIPAA laws haven’t changed, and nurses (and anyone working in health care) need to be perhaps more careful than ever not to expose private patient information.
Posting photos on Instagram and Facebook is a common mistake, often made very innocently to celebrate a milestone event with a patient. The last chemo treatment, a milestone birthday, someone walks again when they were told they wouldn’t. Who wouldn’t want to share the joy/! Technically if you post a picture of anyone, even your best friend, without their permission it can become a whole huge issue. This is an area of particular concern because we often don’t even think about it. We have access to cameras on our phones and we post the pictures all over the Internet to share with friends and family.
Even if your patient is not a well-known celebrity, s/he has the right to privacy, and HIPPA will get you if you violate the confidentiality! If you do have permission to post that selfie you took with your 100-year-old patient on his birthday, you MUST say so. I would advise that your better choice is to NOT post it, but if you do, you MUST get his permission and then be sure to document that you have his permission to post. (I would also let your employer know you’re posting and be sure to know what their rules are before even considering it.) If he has dementia or is otherwise incapable of making his own decisions, you’d better have permission from his next of kin or DPOA! And you MUST post that as well. And then save the post in a manner so that it cannot be shared.
HIPAA was updated with the HITECH Act in 2009. Health Information Technology for Economic and Clinical Health (HITECH) Act covers patient confidentiality and technology advances. When taking pictures for clinical use and medical records, for example wounds, make sure you have permission to photograph. Check for your employer’s policy and follow it to a “T.” Use a medical record number and date but be sure there is no other identifying information in/on the photo. Zoom in on the wound or other reason for the photo. And the DELETE the photos from your device as soon as you have posted in the appropriate place.
Confidentiality is not just about photos, it’s any information you glean from/about your patient. Something they told you in confidence or not is still a privacy matter. I can share that a patient I had several years back was the stunt double for a famous actor or actress in the 1920’s and 30’s. If I say anything more than that, you might be able to figure it out and then know he or she was a patient treated by XYZ and could learn he or she was treated for ABCD. That would be violating the patient’s HIPPA rights that extend for 50 years after death.
I can also share with you I’ve taken care of the fathers of rock stars and the grandmothers of actors, along with athletes and politicians and community leaders, but that’s the extent of what I can say. I can say some of them were very nice and grateful for all we did, and others were rude and obnoxious the same as any other patient or family members. But I can’t tell you who they were or any other situational information that could identify them.
It’s a covert operation and it has to remain such. HIPAA also prevents you from sharing any information with a family member or friend of any patient without the patient’s permission. Only the DPOA can tell you who in the event the patient cannot. These laws were written to protect all of us.
Take care of you and don’t let curiosity put you in jeopardy. Don’t forget and post or otherwise share information or pictures you took with a favorite patient unless you have permission and state so. You put your career on the line and could cost your employer a lot as well. Mumm’s the word!