HIPAA and Social Media
Dec. 21, 2017
Quips like “it isn’t official unless it’s on Facebook” or “if there isn’t a picture of it, it didn’t happen” are a sign that it’s no secret we live in a social world.
Social media has proven to be a powerful tool that connects people and disseminates information worldwide with a single click.
When it comes to a career in health care, however, there are different rules users must adhere to.
HIPAA and the health care professional
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) gives patients rights over their health information. It sets rules and limits on who can look at and receive patients’ health information.
While it went into effect more than 20 years ago, it’s scope has evolved as society advances. It’s one of the reasons professional organizations, like National Council of State Boards of Nursing, have outlined and adopted a set of guidelines that specifically address social media.
Considerations before pressing publish
Under HIPAA, a breach or violation is an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information (PHI).
The NCSBN notes that even well-intentioned messages can be a violation of HIPAA. In a recent brief, A Nurse’s Guide to the Use of Social Media, they highlighted this case study:
As a licensed practical nurse for more than 20 years, Bob knew the importance of safeguarding a patient’s privacy and confidentiality. One day, he used his personal cell phone to take photos of Claire, a resident in the group home where he worked. Bob received permission from Claire’s brother to take the photo since she was unable to give consent due to her mental and physical condition. That evening, Bob ran into William, a former employee of the group home. While catching up, he showed William the photo of Claire and discussed her condition with him. The administrator of the group home later learned of Bob’s actions and terminated his employment for breach of confidentiality.
Healthcare Compliance Pros also outlined some common examples of social media HIPAA violations.
- Posting verbal “gossip” about a patient to unauthorized individuals, even if the name is not disclosed.
- Sharing of photographs, or any form of PHI without written consent from a patient.
- A mistaken belief that posts are private or have been deleted when they are still visible to the public.
- Sharing of seemingly innocent comments or pictures, such as a workplace lunch which happens to have visible patient files underneath.
Know your health care employers’ expectations
Whether you’re completing your externship hours for your health care training program as a Concorde student or are well-established in your career, know what your specific employers outline as acceptable use.
Exercise common sense when posting, but also err on the side of caution. If you have hesitation about whether it’s permissible to post, ask for permission. You’ll never be sorry, since HIPAA violations often carry fines and disciplinary action.
And most important, never stop learning. Because just when you think you know it all, everything around you will change again.