How Your Practice Can Avoid HIPAA Violations On Social Media

Thursday, June 29th, 2017

The usefulness of social media for business cannot be overstated. These websites and apps allow companies to connect with clients immediately and to advertise their services to a wide audience. Although these are great developments, as with any new technology, there is a good side and a bad side. For many people, social media also presents many new opportunities to violate their duties of confidentiality, including those under the Health Insurance Portability and Accountability Act (HIPAA).

What is HIPAA?

HIPAA is the primary source of regulations that help protect against the accidental disclosure of patient details and sensitive information. A HIPAA violation could lead to a malpractice lawsuit, discipline from the licensing board, or fines and other punishment from the Office for Civil Rights (OCR), the government agency that enforces HIPAA.

Social media and HIPAA

These days, it is acceptable to post and share everything on social media. It is normal to immediately tweet or post a funny, interesting, embarrassing, or irritating story from a date, work, or family gathering. When it comes to your patients, it is critical that you resist this impulse at all costs.

Sometimes, news stations will air comical stories about patients that were given to them by a nurse or other healthcare facility staff member. Unfortunately, while many may find these stories entertaining, posting about a patient’s experience while receiving treatment is a clear violation of HIPAA. Violating HIPAA could subject a healthcare facility to a lawsuit or penalties. Many unwary medical professionals post about their patients and are chastised by their employer or licensing board or even fired. To help protect your practice against HIPAA violations on social media, there are a few things you and your staff can do.

Helpful steps to avoid HIPAA violations

First, keep your personal and professional social media accounts separate. You don’t want to post funny or embarrassing stories to a forum where potential clients or business contacts might see them. You should always be professional on your social media accounts.

As part of keeping separate social media profiles, do not accept friend requests or invites from clients or colleagues. Additionally, do not join any professional groups or organizations on your personal profile. Keep all of this activity on your professional profiles.

Second, always remember that anything you post on the internet stays there, even if you delete it. There are numerous stories of old tweets and posts resurfacing from celebrities and politicians. You can “scrub” your online persona, but all it takes is one person to document it and that post is available forever.

Additionally, just because you keep your social media settings on private does not mean that your information is protected. You are likely friends with people you barely know on both your personal and professional social media accounts. Many people can access your account, so be careful who you allow to see your information.

Third, HIPAA lists 18 identifiers that must remain private. For instance, birth dates, vehicle information, neighborhoods, and photos must all remain private. Keep in mind that even the smallest detail can reveal a person’s identity, particularly in small communities. Even if your patient posts about their treatment, this does not mean they waive their right to prevent you from posting about it. Regardless of what the patient does, healthcare providers can never reveal details about their patients.

Finally, all staff members are required to report any HIPAA violations to their employer, including violations from a fellow employee.

Staying HIPAA compliant

Ensuring that you and your staff are adequately trained to comply with HIPAA is an ongoing process. These tips are merely the beginning. You must institute protocols and regular trainings to inform new hires and remind old employees of their obligations.

For more information about remaining HIPAA compliant, contact the professionals at Brown & Fortunato today. Our expert attorneys provide a wide range of services that ensure every hospital and private practice remains HIPAA compliant. Call us today at 806-345-6300 or drop by our offices at 905 S. Fillmore, Suite 400, Amarillo, Texas to learn more about our practice areas. You can contact us by email for more information about how we can help your healthcare practice.

This information is subject to change. Please check for updates that are more recent than the published date of this article.