You may be wondering, what exactly does the Health Insurance Portability and Accountability Act have to do with apps like Facebook, Instagram, and Twitter?
Well, problems occur between HIPAA and social media platforms more often than you may think.
For example, recently, a nurse at a Texas children's hospital was fired for posting protected health information on Facebook, which is in direct violation of HIPAA.
In the Facebook post, the nurse talked about a young patient with measles who was brought in for treatment.
After her hospital caught wind of the post, they suspended the nurse and conducted an investigation.
The nurse's post was ultimately ruled to be in direct violation of HIPAA, although she never once used the name of the young child in any of her posts or comments.
However, the following information was made available to the public through her posts: Her job title which she listed on her profile, which hospital she worked at, and the condition of the child — which she made clear was a boy.
Due to the high vaccination rate in Houston (Nearly 95%), measles cases in the area are rare. There have just been ten confirmed cases in the past ten years. So, it would be possible for someone to identify the child because of the information given and the rarity of the disease in the area.
The lesson to be learned here is that hospital employees should never publicly speak on patients, regardless of whether or not they use their name. Social media posts are no exception.
Here are some other potential HIPAA violations to watch out for when it comes to social media.
Avoid Posting Anything That Falls Under PHI
PHI, which stands for Protected Health Information, is any of the following, as described in HIPAA:
- Names
- Full face photos
- Dates of birth
- Addresses
- Social security numbers
- Medical data
- Financial information
HIPAA regulation forbids the use of any of that information in social media or marketing campaigns.
If you are found guilty of posting Personal Health Information to the public form — whether you meant to or not — you may be subject to severe fines.
It should be noted that even if you did have permission to take a photo or video of a patient, that does not give you the right to post it publicly.
A good rule of thumb, if you're not quite sure about whether or not something you are about to post is considered Personal Health Information, then don't post it.
It's much better to be safe than sorry.
Don't Post Negative Things About Patients or the Workplace
Sometimes we feel like we need to blow off some steam from work-related issues, but if you work at a healthcare facility, then doing so could land you in hot water.
Healthcare professionals should never do any of the following on their social platforms:
- Blow off steam regarding work-related issues
- Use offensive language or voice offensive comments
- Complain about or comment on the health of patients
Even people who do not work in the healthcare field should avoid posting comments that degrade their work.
If you have issues at work that you believe is affecting the effectiveness of the workplace in treating patients, go to someone internally to voice your concerns.
Otherwise, you may end up causing more harm than good.
Medicus IT - Your Trusted HIPAA Compliance Tech Partner
At Medicus IT, we have a talented team of IT professionals who are well versed in what it means to be HIPAA compliant.
We like to say that we are fluent in HIPAA. We are intimately familiar with the rules and regulations of HIPAA and strive towards helping healthcare companies maintain their compliance.
Our team has extensive healthcare-specific IT experience and provides ongoing training so that you can rest easy knowing that our engineers are helping your practice maintain HIPAA compliance and reduce potential liability, daily.
We strive to take care of all your healthcare IT concerns. Let us provide you a free network assessment to determine any gaps in HIPAA compliance today! "We do IT right!" so that you can do what you do best: take care of your patients.