Disagree with me all you want to, Wufan and Kung, but here's some background:
Cited:
Authorization. A covered entity must obtain the individual’s written authorization
for any use or disclosure of protected health information that is not for treatment,
payment or health care operations or otherwise permitted or required by the Privacy
Rule.44 A covered entity may not condition treatment, payment, enrollment, or
benefits eligibility on an individual granting an authorization, except in limited
circumstances.45
An authorization must be written in specific terms. It may allow use and disclosure
of protected health information by the covered entity seeking the authorization, or by
a third party. Examples of disclosures that would require an individual’s
authorization include disclosures to a life insurer for coverage purposes, disclosures
to an employer of the results of a pre-employment physical or lab test, or disclosures
to a pharmaceutical firm for their own marketing purposes.
All authorizations must be in plain language, and contain specific information
regarding the information to be disclosed or used, the person(s) disclosing and
receiving the information, expiration, right to revoke in writing, and other data. The
Privacy Rule contains transition provisions applicable to authorizations and other
express legal permissions obtained prior to April 14, 2003. 46
Here's more regarding minimum necessary disclosure of information:
"Minimum Necessary. A central aspect of the Privacy Rule is the principle of
“minimum necessary” use and disclosure. A covered entity must make reasonable
efforts to use, disclose, and request only the minimum amount of protected health
information needed to accomplish the intended purpose of the use, disclosure, or
request.50 A covered entity must develop and implement policies and procedures to
reasonably limit uses and disclosures to the minimum necessary. When the minimum
necessary standard applies to a use or disclosure, a covered entity may not use,
disclose, or request the entire medical record for a particular purpose, unless it can
specifically justify the whole record as the amount reasonably needed for the purpose.
See OCR “Minimum Necessary” Guidance.
The minimum necessary requirement is not imposed in any of the following
circumstances: (a) disclosure to or a request by a health care provider for treatment;
(b) disclosure to an individual who is the subject of the information, or the
individual’s personal representative; (c) use or disclosure made pursuant to an
authorization; (d) disclosure to HHS for complaint investigation, compliance review
or enforcement; (e) use or disclosure that is required by law; or (f) use or disclosure
required for compliance with the HIPAA Transactions Rule or other HIPAA
Administrative Simplification Rules.
Access and Uses. For internal uses, a covered entity must develop and implement
policies and procedures that restrict access and uses of protected health information
based on the specific roles of the members of their workforce. These policies and
procedures must identify the persons, or classes of persons, in the workforce who
need access to protected health information to carry out their duties, the categories of
protected health information to which access is needed, and any conditions under
which they need the information to do their jobs.
OCR Privacy Rule Summary 11 Last Revised 05/03
Disclosures and Requests for Disclosures. Covered entities must establish and
implement policies and procedures (which may be standard protocols) for routine,
recurring disclosures, or requests for disclosures, that limits the protected health
information disclosed to that which is the minimum amount reasonably necessary to
achieve the purpose of the disclosure. Individual review of each disclosure is not
required. For non-routine, non-recurring disclosures, or requests for disclosures that
it makes, covered entities must develop criteria designed to limit disclosures to the
information reasonably necessary to accomplish the purpose of the disclosure and
review each of these requests individually in accordance with the established criteria.
Reasonable Reliance. If another covered entity makes a request for protected health
information, a covered entity may rely, if reasonable under the circumstances, on the
request as complying with this minimum necessary standard. Similarly, a covered
entity may rely upon requests as being the minimum necessary protected health
information from: (a) a public official, (b) a professional (such as an attorney or
accountant) who is the covered entity’s business associate, seeking the information to
provide services to or for the covered entity; or (c) a researcher who provides the
documentation or representation required by the Privacy Rule for research."
Again, if this isn't a violation of HIPAA, it should run afoul of hospital policy.
No matter how you try to spin it, the purpose of legal and compliance functions is to prevent occurrence of situations where the perception exists that a violation might have occurred.
Of course Kung probably hates compliance people; he probably thinks they're bureaucrats.