That’s not how HIPAA works. There is a huge difference between knowing a specific person has a specific disease, and talking about a case without identifying the specific person.
A case study is very common and gives a great deal of information about the medical side of what someone has gone through, without identifying them. https://en.wikipedia.org/wiki/Case_study
Yeah, if you fully grasped what he was saying it was actually a funny joke. The person substantiates by revealing the identity, and that's the hipaa violation.
So how would she substantiate these claims without committing the violation, again?
Assume just for this answer that she's not an institution conducting a case study, but an individual conducting a TV interview. Tell me what evidence she sends to the station that substantiates the story but does not violate HIPAA.
The same basic things you do to substantiate any story. Verify the details you can such as does this person work at that location, and verify as much as possible with other coworkers.
I mean...many uncomfortable truths ARE HIPAA violations. What makes it NOT a HIPAA violation is that it's just general/anonymized anecdata.
I can't go up to someone and be like "Alice Rosenstein has cervical cancer, sorry if that's an uncomfortable truth, but the law wasn't written to protect your feelings." That would, in fact, be a HIPAA violation.
There is a difference between saying, Mrs. Jones has a bad yeast infection and there are many yeast infections this time of year. The one is giving patient information the other is discussing the disease.
HIPAA is a US law that's focused on protecting the privacy of a person's medical history. In SQL terms you can't JOIN a person's identity with their medical history (unless explicitly authorized). However aggregated data is allowed, as long as it can't be easily reverse-engineered.
You acknowledge that HIPAA doesn’t allow identifying specific patients. Are you under the impression that she named a identified a specific person in that article?
