When HIPAA and Twitter collide: Can you blab away your privacy rights?

Should patient-doctor privacy policies be a two-way street?

That question rattles around my head after reading Michael Krigsman's account of Sarah Cortes, a patient that Twittered through a hospital consultation in rural Pennsylvania.

Krigsman writes:

Technology writer and blogger, Sarah Cortes, went by ambulance to Robert Packer Hospital, a facility located in rural Pennsylvania, after she suffered a serious spinal fracture. The story takes an unusual turn because Cortes says Twitter helped her escape from the clutches of hospital staff whom, she claims, tried to intimidate and coerce her into accepting unnecessary spinal surgery.

The account gets into details of Cortes' stay quickly. The rub: Robert Packer Hospital can't really respond much to Cortes' take due to the Health Insurance Portability and Accountability Act (HIPAA), which is partially designed to keep information private. As a result, you have a one-way account of Cortes' stay. Doctors can't talk. The hospital can't talk. Nurses can't say what happened.

The hospital cited HIPAA in its thin response to Cortes' claims. Here's the question: Should privacy procedures be waived by a patient's actions, say updating Twitter or Facebook during a surgery?

It's unclear, but as Krigsman notes the boundaries for standard operating procedures are falling due to new technologies. Nevertheless, I'd like to see a point-by-point rebuttal from the hospital to Cortes' allegations. Transparency should be both ways.