My phone started beeping at me.
And it kept beeping at me, which is usually a signal that a family member really really wants to get my attention.
In this case, it was my son, and as I scrolled through messages, it was obvious he was madder than a wet hen.
As context: my son is a nurse and cares for adult patients with significantly impaired and deteriorating cognitive impairment. It’s challenging work for professionals, and challenging and sad for family members who may not be able to get accurate and clear information from the patient about their care. But as understandable as the concerns are, surveilling patients — including other patients and employees — without the consent of those being monitored — is just not okay. In fact, in many states, it’s considered eavesdropping and illegal. And then, of course, there are the HIPAA concerns when it’s another patient violating a patient’s privacy. What happens if the covered entity didn’t breach privacy but didn’t prevent other patients or those patients’ relatives from breaching it?
So what triggered that flurry of messages, you wonder? Yesterday, my son discovered a concealed camera on a shelf in a patient’s room. A colleague recognized it because she used the same device in her baby’s nursery. A little research showed him that the device was recording both video and audio and could pick up the entire room — including when he was cleaning and caring for another patient in the room.
As far as PogoWasRight.org knows, neither the patient nor her roommate ever consented to being monitored by the one patient’s daughter this way.
“She might be HER mom, but she’s MY patient. And therefore MY legal responsibility. As is the roommate,” my son wrote.
“What if someone hacks it? That’s audio and video of us changing her.”
Did the daughter have any paperwork that gave her proxy or power of attorney to authorize the monitoring? This site does not know, but when confronted, the patient’s daughter reportedly admitted that she had been told that she could not install a monitoring device in the room but did it anyway: “I know you told me not to, but I had to violate a little bit of your privacy to get an answer, and I did!” she reportedly said when confronted.
Will there be any consequences to the well-meaning daughter who knowingly violated her mother’s privacy and others’ privacy?
I wonder how she’d feel if my son violated a little bit of HER privacy to get an answer. I’m guessing she wouldn’t like it.
And for the benefit of so many people who think they understand HIPAA but really don’t: what has been revealed in this post is not protected health information.
Paragraph 4 was edited post-publication because it contained an earlier version of text instead of the intended version.