There is a story in the LA Times about a mortally injured nursing home resident who was taken to the ED of St. Mary Medical Center in Long Beach, California on April 9. The patient had been stabbed multiple times by a fellow resident. His throat had been slashed so deeply that he was almost decapitated. An employee of the hospital reported that the hospital staff took photos of him and posted them on Facebook “instead of focusing on treating him.” What on earth were they thinking??
There are so many things to hate about this story, it is hard to know where to start. I recall from my days in the emergency department at San Francisco General Hospital, the tension in the trauma room as we awaited the arrival of a seriously injured patient. The trauma team was totally focused on setting up the resuscitation equipment so that they could initiate assessment and treatment as rapidly as possible. If the patient arrived alive, the resuscitation protocol was initiated the minute the gurney was rolled into the room: secure the airway, gain vascular access, stop the bleeding, and pump in fluids, etc. etc. I don’t recall that “take the photo” was a part of the initial approach.
But even if there were spare hands and a legitimate reason to take the photos (e.g., documentation of injuries for later legal proceedings), why would anyone post such photos on Facebook? It turns out that hospital staff members are regularly violating privacy regulations (HIPAA) via posts on social networking sites. The LA Times article gives the following examples:
- “In June, five nurses were fired at Tri-City Medical Center in Oceanside [California] after hospital managers discovered they had been discussing patients on Facebook.”
- “Rebekah Child, a registered nurse at Cedars-Sinai’s emergency room who blogs for http://www.scrubsmag.com said she knows many nurses who write about patients on Facebook, some while they are working. “I’ve seen nurses say, ‘The patient in bed nine’ and somebody could figure out who they’re speaking about. Or ‘This patient came in with a heart attack’ and identifying information is included.”
HIPAA violations before HIPAA
When I was in my residency training at University of California San Francisco, many moons ago, there was a famous story about two doctors discussing a patient while riding up in an elevator. It turns out a relative of the patient was in the elevator and was, rightfully, disturbed to hear the case being discussed in public. Take that example and fast forward to the age of ubiquitous cell phones that allow photos to be snapped and instantly forwarded to friends or uploaded to social networking sites, and, bingo, you can violate someone’s privacy big time.
Hospitals and other healthcare organizations have been trying to prevent HIPAA violations via social networking sites by training employees and having policies that prevent the use of social networking sites while at work. They can block those sites on the company’s computers and smartphone’s, but, short of punishment after the fact (suspension, firing); it may prove difficult to prevent folks from surreptitiously snapping the shot and posting the offending photo from home.
As people become more and more comfortable disclosing highly personal information about themselves on social networking sites, it is not surprising that they shut off privacy filters as they apply to others they come in contact with socially or in the workplace. This presents a formidable challenge to all of us that come in contact with the healthcare system—either as a healthcare worker or a patient.
Has anyone out there figured out a solution? If so, let me know.
The patient died soon after his photographs were taken. His death was ruled a homicide. His attacker has been arrested. His death is being investigated by the Long Beach Police and the Department of Social Services.
Four people were fired and three were disciplined. “At least two nurses were involved, but none was fired, a union spokesman said.” What??