Got a call from a long-time patient over the weekend. Hearing a not overly alarming story but one that was not terribly reassuring either, I suggested she go to the Emergency Department.
Later that morning, sitting at an internet cafe with DSS eating breakfast, each of us surfing on our respective laptops, he says conversationally, “So I see Miss LTP is in the ER.”
My heart stopped and my stomach dropped. Had he managed to access the voicemail program I use for after-hours calls? My EMR? Had I left shortcuts up to any patient-related materials on that machine? When had I last used it anyway? My mind was racing. I wasn’t all that concerned specifically about him knowing that a particular person was in the ER, since he understands confidentiality. But if he was able to access confidential patient information, did that mean I had a security breach?
“How do you know that?” I asked him carefully, after a very long pause, during which all of the above ran through my head.
As it happens, I’ve known this person for a very long time. So much so that DSS and I regularly run into her when we’re out and about. So much so that not only has the patient friended me on Facebook, she’s even friended DSS.
“It’s right here on Facebook,” he answered. Sure enough, her status read, “Hanging here in the ER.”
As I’ve noted before, HIPAA doesn’t apply when patients “breach” their own confidentiality. Clearly in this case, it’s Facebook 1, HIPAA 0.