HIPAA and Social Media
Dec. 21, 2017
Quips like âit isnât official unless itâs on Facebookâ or âif there isnât a picture of it, it didnât happenâ are a sign that itâs no secret we live in a social world. Social media has proven to be a powerful tool that connects people and disseminates information worldwide with a single click. When it comes to a career in health care, however, there are different rules users must adhere to.
HIPAA and the health care professionalThe Health Insurance Portability and Accountability Act of 1996 (HIPAA) gives patients rights over their health information. It sets rules and limits on who can look at and receive patientsâ health information. While it went into effect more than 20 years ago, itâs scope has evolved as society advances. Itâs one of the reasons professional organizations, like National Council of State Boards of Nursing, have outlined and adopted a set of guidelines that specifically address social media.
Considerations before pressing publishUnder HIPAA, a breach or violation is an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information (PHI). The NCSBN notes that even well-intentioned messages can be a violation of HIPAA. In a recent brief, A Nurseâs Guide to the Use of Social Media, they highlighted this case study: As a licensed practical nurse for more than 20 years, Bob knew the importance of safeguarding a patientâs privacy and confidentiality. One day, he used his personal cell phone to take photos of Claire, a resident in the group home where he worked. Bob received permission from Claireâs brother to take the photo since she was unable to give consent due to her mental and physical condition. That evening, Bob ran into William, a former employee of the group home. While catching up, he showed William the photo of Claire and discussed her condition with him. The administrator of the group home later learned of Bobâs actions and terminated his employment for breach of confidentiality.Â Healthcare Compliance Pros also outlined some common examples of social media HIPAA violations. They include:
- Posting verbal âgossipâ about a patient to unauthorized individuals, even if the name is not disclosed.
- Sharing of photographs, or any form of PHI without written consent from a patient.
- A mistaken belief that posts are private or have been deleted when they are still visible to the public.
- Sharing of seemingly innocent comments or pictures, such as a workplace lunch which happens to have visible patient files underneath.