I post a review, publicly, for a business on facebook saying my wife was seen by so and so
The business responds, publicly, saying I saw your wife in sept of 2014, without saying her name. I had not previously mentioned the date.
This is an eyecare place, if that makes a difference, and although he didnt mention my wifes name, he mentioned that she was the sister of… ‘jane doe’.
Yes, actually. This might be the first time ever that an “is this a HIPAA violation?” question actually was a HIPAA violation. Date of service, except for just the year, is considered Protected health information (PHI).
It depends on the particular business. An ‘eyecare center’ could take many forms. However, if they have an optometrist and they submit insurance claims electronically then they’re probably a covered entity and revealing your wife’s sister’s name is probably a violation. There are a lot of details to every part of that.
Yes. This eye care center has an optometrist, and they do file insurance claims electronically. Any advice as to how to document this is appreciated. Currently I just have screen shots on my email
Any information a health care provider gives that could be reasonably used to identify an individual patient is a HIPAA violation – even if the only information is that she is their patient, regardless of the level of detail about her medical condition.
Thanks for the replies all! I havent fully decided what im going to do, as im not one to likes to drag things out and do court things. I have been talking with the owner privately, who was insistent that he has done nothing wrong since I ‘identified’ her prior, although only as my wife. He has not admitted wrongdoing, but has severely edited his response to include no personal indicators. Although I can tell he is starting to realize how serious his comments were
Not that it matters, because it seems clear that they did a HIPAA violation, but you kind of started it. If you didn’t want people to know your wife went there for her eyecare, why would you post exactly that?
HIPAA tends to be very generously interpreted by the courts. The release of inappropriate information by a medical provider doesn’t have to be egregious to be in violation for most cases. They are expected to know their responsibilities in this regard and are held to a higher standard than the general public would be.
I tend to agree with dizzee dee in that, technically, you opened the door by mentioning your wife in connection with the clinic in the first place. But I’d still bet that their contribution of information would meet the standard of a HIPAA violation. Certainly nothing worthy of a big fine or other penalty, but it would likely merit at least a warning.
My name is obviously attatched to my facebook, so its fair game. My wifes name is nowhere to be found on my page. The situation is actually more complicated bc ‘jane doe’, my sister in law, used to work there and hes wanting to group the review and her employement together. And he did provide ‘jane doe’s’ first and last name and with her relation to me, thus outing my wife.
It was more of a matter that he was making a business matter, a personal matter.
Again, I know its petty, but I was curious of the legality of the events that happened. At the very least ive learned a lot, and glad I dont have to follow hipaa rules!