A nurse working at a Texas children’s hospital was laid off for posting protected health information (PHI) on a social media site, which is a violation of the Health Insurance Portability and Accountability Act (HIPAA) Rules.
The nurse worked in the pediatric ICU/ER unit of the Texas Children’s Hospital. Allegedly, the nurse posted comments on Facebook about a boy who suffered a rare case of measles. It was quite obvious she was an anti-vaxxer as she posted comments about the suffering of the boy from a disease, which could have been easily avoided by vaccination. Her posts mentioned that the boy’s condition was much worse than expected unlike what others experienced with measles in the past, and seeing the suffering boy was a “rough” experience.
According to the Houston Chronicle, one of her posts said that it’s easy for non-vaxxers to make assumptions and because of that most never and will never see one suffering of these diseases. The nurse also said she will not change her vax stance. The poor boy was bad off and as a parent, she could have vaccinated out of fear.
Houston has a high vaccination rate (94.5%) and it’s not common to have a measles case. In the last ten years, less than 10 cases in the city were confirmed. The nurse did not say the child’s name in her Facebook posts but people could see on her profile her job, the hospital where she worked and information about the boy and his condition. Because of all the information included in the posts and the rare case of the boy, it is possible that the boy was identified.
When the Texas Children’s Hospital officials knew about her social media posts, the nurse got suspended. It was then that the nurse realized she shared a lot of information on social media and deleted some posts. After four days of suspension, the officials decided to fire the nurse. A hospital official notified the nurse that she lost her job because she violated hospital policies and federal laws when she posted protected health information (PHI) on a social media site, and not because of her anti-vaxxing stand.
The HIPAA Privacy Rule restricts the permitted uses and disclosures of PHI. Healthcare professionals should know that posting PHI on a social media site is a HIPAA violation. In this incident, there was no mention of the patient’s name but the shared information was enough to potentially identify the patient.
Posting any personally identifiable protected health information on social media without the patient’s consent is considered a HIPAA Privacy Rule violation. Remember not to mix your work and private lives. Don’t post any patient information on a social media site, even if a patient is not identifiable from the post.