Protected Health Information, PHI, includes anything used in a medical context that can identify patients. Although it doesn’t explicitly address personally identifiable information, the HIPAA Security Rule regulates situations like this under the term Protected Health Information (PHI). Some examples of PHI data can include:
Name
Address
Date of birth
Credit card number
Driver’s license
Medical records
None of those were revealed. If some intrepid ambulance chaser wants to argue “i gave your son a sticker” is a “medical record”, go for it. Hell in some Bumblefuck red state county you might get in front of a judge with that. But you will not be making any money off of it, and no serious attorney would waste the court’s time.
Right, the medical records were revealed, and probably the name was revealed. This discussion is taking place in context, so if a reader can scroll up and see the kid’s name in the previous post, now they know something about what happened to that kid medically on that day at that time at that place.
In these types of situations you have to look at other readily information and use common sense to determine what a reader could find out.
Because there’s often extraneous information available to outsiders, any medical employee worth their salt would decline to give any information about any patient without running it through the proper channels to make sure everything is anonymized or a waiver is signed.
That last comment is 100% actionable by both her employer and the patient.
Don’t be dumb with that shit. Judges don’t fucking listen to it was just a joke wink wink unless you have some good fucking lawyers.
Can you explain how exactly? They only mentioned that they gave them a sticker at the end of the appointment.
Is it purely the fact that they admitted there was an appointment?
Yep. That’s a HIPAA violation.
I don’t agree.
None of those were revealed. If some intrepid ambulance chaser wants to argue “i gave your son a sticker” is a “medical record”, go for it. Hell in some Bumblefuck red state county you might get in front of a judge with that. But you will not be making any money off of it, and no serious attorney would waste the court’s time.
Confirming someone is a patient without consent is a violation.
Edit: but the mom did open the door I suppose so maybe not.
Right, the medical records were revealed, and probably the name was revealed. This discussion is taking place in context, so if a reader can scroll up and see the kid’s name in the previous post, now they know something about what happened to that kid medically on that day at that time at that place.
In these types of situations you have to look at other readily information and use common sense to determine what a reader could find out.
Because there’s often extraneous information available to outsiders, any medical employee worth their salt would decline to give any information about any patient without running it through the proper channels to make sure everything is anonymized or a waiver is signed.