How often do we catch ourselves talking about someone else? While these conversations might not be malicious, it’s still gossiping.

Gossip is a casual conversation about other people which can be positive, neutral, or negative.

A study found that the average person spends about 52 minutes per day engaging in this type of conversation. That’s almost an hour devoted to talking about someone else. Now add up that time for a week, a month, or even a year. Think about how much you could get done if you didn’t spend all of that time gossiping!

These conversations are detrimental in the workplace. It’s unproductive and wastes time during the day, as I just mentioned. 

It also lowers staff morale and damages trust. But even worse, gossip can have legal repercussions. This is especially true in healthcare.

Workers in the health industry deal with a large amount of highly sensitive data. Letting any of this health information leave the workplace or the bubble of authorized individuals will cause a HIPAA breach. There are so many ways that these breaches occur with leaked details about patients. But one of the most common is from employee gossip.

It might be fun or convenient to talk about other patients, especially if you’re bored and something interesting happened at work. But it should always be off-limits. The last thing you want is for this time-killing activity to cause a lack of trust, lost job, or lawsuit.

The reason that gossip is so common is that it happens so naturally. It’s easy to fill conversations with stories of other people. It’s hard to catch ourselves doing it or recognize what qualifies as oversharing.

Let’s look at some examples of gossip HIPAA violations so you can better avoid it at work. 

• Conversations in Common Areas 

• Sharing Stories Outside of Work

• Social Media Posts

• Answering Questions About Other Patients

• The “But I’m family…” Tactic

Gossiping about patients with other staff should always be off-limits, but especially in common areas.

Hospitals and medical facilities have so many public spaces where anyone could be right around the corner. Even if you need to talk with another employee about something permissible, you need to be mindful of where you do it. 

Any conversation regarding patients and their information should happen in privacy. Otherwise, someone could overhear.

Let’s say you’re at lunch in the hospital cafeteria with one of your close coworkers. This area was recently renovated to include a more natural look so it’s busy with both staff and visitors. Your coworker asks how your day is going so far and respond, as most of us would.

You tell her about a high-profile patient that came in this morning to schedule surgery that happened from a freak accident in the offseason. The starting quarterback for the Cleveland Browns.

Sure, you didn’t disclose his name but you did give away key identifiable details as to who it was by saying that he’s the starter and what team he plays for. Even if you aren’t familiar with the NFL, a simple Google search will give you exactly who it is, Baker Mayfield.

Now, a professional athlete holds the same stature as an actor or famous musician, they’re a celebrity. Athlete’s get as much attention as Hollywood’s finest but, instead of paparazzi, they’re mobbed by reporters and fans.

That’s the unfortunate problem that many public figures face. However, it doesn’t mean that they don’t have a right to healthcare privacy. This isn’t the first celebrity HIPAA breach, but you definitely committed a violation in this scenario.

Your coworker might not do anything with this knowledge, but it still violates what you can and can’t share. You had no reason to discuss the situation with this coworker, and you definitely weren’t allowed to talk about it around hospital visitors.

Even if the visitors don’t want to abuse knowing this information, they’re likely to report it to a hospital administrator. They’re uncomfortable that two employees were so willing to talk about another patient’s condition. It makes them wonder what you’ve said about them or their family members. And they’re even more upset about the insensitive comment your coworker made.

No matter what the story or situation is, don’t gossip about patient information in public areas. Even if you have permission to discuss it with another employee, do so in privacy so no unauthorized individuals overhear. 

So you shouldn’t talk about patients in common areas at work because someone else could overhear. But what about in the comfort of your own home with friends or family? No one from work will overhear, and your friends and family won’t see the person. 

But even then, you shouldn’t share these stories. You never know who someone else might tell or who they might know.

After all, haven’t you heard the old phrase from World War II, “Loose lips sink ships”?

As another example, maybe one of your patients is someone who your family knows. You work at a women’s health facility, and one of the new clients is someone you grew up with.

You’re shocked to find out that she’s pregnant, and you’re excited to get home to spill the news to your family.

You think the information won’t leave your house, but they’re just as shocked as you are to find out. They end up texting someone else in your small town, and eventually, it gets back to her that everyone knows. They’re all too impatient to congratulate her on the excitement. 

She was waiting to tell people, so she knows the only way that they found out is from someone at her appointment. Upset that there was a violation of her privacy from a gossip HIPAA breach, she files a complaint with the practice.

It doesn’t take long for them to piece together that you were the one who told since you know each other. And before you know it, you’re disciplined at your organization for a HIPAA violation. 

This is similar to the last situation. It might not seem like a form of gossip, but it is. Taking to the Internet to talk about your patients is just as bad, if not worse, about talking about patients in person.

You have way less control over where the information goes once it’s online. Anyone can screenshot, save, or send anything to another person who wouldn’t normally see your posts. 

As the saying goes, “Once it’s on the Internet, it’s there forever.” Even if you realize you made a mistake and try deleting it before it reaches anyone, it could be too late. It takes just seconds for social media newsfeed to refresh. By then, it’s impossible to know who has already seen it.

Even if your account is private, there’s still the risk of information ending up where it shouldn’t. It might sound safe to discuss patient experiences in a private Facebook group for nurses. But never share anything that violates the HIPAA Privacy Rule. You never know who else will end up seeing it, not to mention that social accounts get hacked often.

Let’s go back to the first example I mentioned discussing the professional football player. Who’s to say that one of the people around you in the cafeteria isn’t a source for a sports network, asking for more information?

If the network is the first to report a season-ending injury during the offseason, their story will trend on a global level. When a celebrity makes an appearance at a hospital, people will want to know…

• What happened

• How they’re doing

• The severity of the injury or reason

People love being the first to know or break big news, and that’s a burden you bear as a healthcare professional. But not without a huge cost. Especially when violating the privacy of a high-profile person, you’re likely to get fired, sued, or fined from a gossip HIPAA breach.

Sometimes people will specifically ask you about patients. It can be other employees genuinely wanting to know how they’re doing, or they’re just being nosy. Other patients also ask out of curiosity. Some even just want hope from another’s experience. 

This is a difficult situation to deal with. You don’t want to seem rude by pointing out that it’s none of their business. It can even feel like manipulation when coming from other employees. It’s hard to know on the spot if they have the authorization, and you don’t want to seem like you don’t trust them. Especially since you have to work together every day. 

You also want to give patients positive responses to inspire hope. Let’s say that you have an elderly patient who just had double hip and double knee replacement. He’ll be doing a lot of rehabilitation appointments and he worries he won’t walk again.

So, he asks you if you’ve had other patients in the same boat, what their experience was and if it’s likely that he’ll recover well.

You know you shouldn’t talk about someone else’s situation, but saying you can’t talk about it will make him believe he doesn’t have good chances. This could make him fearful or hopeless. 

Instead, you decide to share some details. You let him know that you had a patient a few months ago with the same surgery. They’re still going to therapy, but they’re doing better with a walker and see improvements every day.

You think it’s harmless, but he mentions this to another nurse. You accidentally disclosed the patient’s name while telling the encouraging story.

“How’s that patient from a few months back doing? I was so glad to hear she’s just using a walker now. And she’s older than me, too! If she can do it, I definitely can!”

Sure, it seems harmless. What is he going to do with this news? But, it’s the principle of sharing details which is problematic. Gossiping is a slippery slope, the more you commit it the more comfortable you become doing it.

What if the person you told the story to sees the patient coming into your office for therapy and they get approached?

This will make the client receiving therapy feel uncomfortably vulnerable or embarrassed, not to mention that it isn’t your place to choose who should know their story. 

Whether with patients or other coworkers, most employees feel uncomfortable having these conversations. But the problem is that they don’t know how to respond.

They feel flustered or overwhelmed to speak up on the spot that the question isn’t someone’s business. 

In order to avoid this awkward and dangerous situation, you need to cover this section within your annual training sessions.

Whether it’s with malicious or genuine intent, the following scenario does happen in healthcare.

Patients’ visitors try to learn more by saying that they’re family, therefore they should know. But not all family members have the right to know, and not everyone who makes this claim is even family. 

Sometimes this is with the best interest of the patient in mind, but other times it’s out of curiosity. 

Let’s say Grandma’s had a hunch that her granddaughter is pregnant. She’ll be sure to ask a doctor, but only when the granddaughter is coming off of anesthesia from her surgery. 

The HIPAA Privacy Rule outlines what’s permissible to share and who to share it with. This guides all health employees with withholding or giving details to a family member or friend. 

Even though your conversations about someone else might not be negative or malicious, it can still be hurtful. Gossiping damages trust between people and it makes for uncomfortable situations for the person you’re talking to. 

Most employees aren’t okay with talking about others, but it’s hard for them to voice that. It also wastes time, so doing this on the job can be frustrating for those who are trying to be productive. 

But even worse, it can have legal consequences. If you work in healthcare then you know about HIPAA. You should have received some kind of HIPAA training that went over what is or isn’t permissible to share. 

Maybe you missed this lesson, but talking about patients without a purpose or to an unauthorized person is never okay. Even if you mean no harm or don’t think the patient will ever find out, it still violates the person’s privacy. 

You’ll always need to get a client’s expressed consent when sharing anything that potentially exposes their protected health information (PHI). Even if you’re asking for their testimonial.