This is a good conversation. Hopefully you should learn something. I am not saying that in a mean or condesending way. If your desire to be a pharmacist this is important for you to understand.
Okay...to review:
From the U.S. Department of Health & Human Services website:
What Information is Protected
Protected Health Information. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."12
"Individually identifiable health information" is information, including demographic data, that relates to:
1. the individual's past, present or future physical or mental health or condition,
2. the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.
3. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
The first step is to understand the above definition. You need to be clear on what PHI is and what common identifiers are. It becomes covered under HIPAA if it is PHI and it has a common identifier associated with it. It is worthy of emphasis that PHI can be in any form or media, whether electronic, paper, or oral.
Now lets look at this quote from your last post.
Many health care providers and professionals have long made it a practice to ensure reasonable safeguards for individuals' health information – for instance:
* By speaking quietly when discussing a patient's condition with family members in a waiting room or other public area;
* By avoiding using patients' names in public hallways and elevators, and posting signs to remind employees to protect patient confidentiality;
You pulled this out of context but it is still usefull in our discussion. Again I ask you to always keep in mind what PHI is and remember it is covered under HIPAA if it is attached to a common identifier.
I will give you three scenarios:
1. Bob and Tom are pharmacists in a hospital. Bob gets on an elevator with Tom and five other people. Bob says, "Hey Tom, I am going to go upstairs and see an interesting patient would you like to come with me?" Tom says, "No Bob, I have to go down to SICU and check on a few patients. I can come up later. Where will you be?" Bob replies "I will be up in room 642 if you want to swing by."
2. Bob and Tom are on the elevator again with five other people. Bob says "Hey Tom I got the lab work back on John Smith." Bob replies "Oh good we can meet later and go over it. Tom says. "Okay how about at lunch. I am going over to the SICU to see Mary Smith right now."
3. Bob and Tom are on the elevator again with five other people. Bob says "Hey Tom, John Smith up in room 245 just got diagnosed with an inoperable primary brain tumor, glioblastoma multiforme." Tom replies, "Oh, thats terrible."
Tell me in each scenario if a HIPAA violation occured. If so tell me why using examples from the HIPAA law.