Healthcare professionals face a relentless challenge: administrative overload. Credentialing is a...
In today’s digital era, we rely heavily on social media platforms for both professional and personal use.
However, online social spaces provide plenty of opportunities for private information to become public – including patient medical records and data (HIPAA information). Social media HIPAA violations have become common and are problematic for a variety of reasons.
HIPAA violation penalties do not discriminate on how they happen – they carry serious consequences whether a violation happens online or offline. More concerningly, sharing too much information on social media is easy without even realizing it.
HIPAA specifies 18 types of patient information (aside from names) that must remain private. Sharing any one of those 18 - whether accidentally or otherwise - is a violation of HIPAA. There are, however, some social media HIPAA violations that happen more frequently than others.
According to Healthcare Compliance Pros, there are four major breaches of HIPAA compliance on social media:
Posting information about patients to unauthorized users (even if their name is left out).
Sharing photos of patients, medical documents, or other personal information without written consent.
Inadvertently exposing any of the above while sharing a picture of something else (e.g. visible documents in photos of employees).
Assuming posts are deleted or private when they’re not.
The easiest solution? Keep strict policies in place for how employees can use social media. Outline the correct procedures for any posts to social media and what isn’t acceptable at any time. Also, remind employees they represent your medical center online and can accrue penalties for HIPAA violations with their social media posts - even via their personal accounts.
While you should have rules in place, you shouldn’t cut off access completely – social media boosts your practice’s brand awareness and reach when used correctly.
When it comes to HIPAA and social media, there are (unfortunately) plenty of examples of what not to do. The following HIPAA violations on social led to serious consequences for those who hit publish for these posts:
A nurse took to TikTok and posted what she felt were “humorous” videos about the mistreatment of patients.
The nurse claimed the videos were simply for comedic relief and nobody was ever harmed in the videos. She was suspended by her employer, who cited misuse and unprofessional use of social media platforms. Her employer felt her actions went against their core values and would not tolerate that type of behavior.
Is this considered a HIPAA violation? Possibly.
The videos took place while at work on company property. Although there wasn't any protected health information exposed, many of her actions displayed negligence and abusive behavior.
Many members of the healthcare community, as well as other individuals, commented on the nurse’s videos. They argued her content was not appropriate or even humorous.
She was suspended, and legal action has since been taken.
During operations, a group of resident surgeons took pictures of their patients. The images were of body parts removed from the patients and uploaded online without consent.
In some pictures, the patients were still on the operating table. The patients could easily be identified in the images by anyone who knew them.
The suspected resident surgeons were subject to investigation and could be facing severe consequences due to HIPAA safety violations.
_____________________________________________________________________________
Related Content: 10 of the Best Media Tips for Healthcare Professionals
_____________________________________________________________________________
A nurse at Texas Children’s Hospital was terminated for posting details of a patient’s condition in a Facebook group.
The pediatric patient was too young to receive the measles vaccination and, unfortunately, he contracted the disease.
The nurse turned to an anti-vaccination group on Facebook, posting details of the boy’s condition. She said that his condition didn’t change her stance, but she could understand why parents vaccinate out of fear of these illnesses.
While she did not include the child’s name, the nurse’s Facebook profile listed where she worked. One parent in the group had a child at the same hospital and, worried about exposure to the disease, posted screenshots of the post to the hospital’s Facebook page.
The hospital launched an investigation and immediately suspended the nurse. While the nurse deleted some of her comments, the hospital fired her for posting PHI.
Ashley Jacobs is a former cast member on the reality show Southern Charm. During her time on the show, she worked as a hospice nurse and home healthcare aide.
Jacobs put herself at risk of violating HIPAA regulations when she sent a video to a fan that included one of her patients, a non-verbal pediatric patient. The fan reported the video to the South Carolina Board of Nursing for violating HIPAA.
Jacobs’ fans would often encourage her to post pictures with her patients. Although she stated that posting pictures of patients would violate HIPAA regulations, she posted pictures anyway.
Social media HIPAA violations are alarmingly common. Unfortunately, whether accidental or not, the consequences of compliance breaches remain the same.
Violations related to HIPAA laws have serious consequences, including job loss and other penalties. To avoid these, a proactive approach should include a regular risk assessment and corrective action plan.
Another way to prevent HIPAA violations on social media is to get proper compliance training for your staff. Even further, if you're hesitant to use social media to promote your practice, healthcare social media management can help you capitalize on your online presence while remaining HIPAA compliant.
(Editor's Note: This blog was originally published in November 2021 and was updated in May 2024 with current information.)
Healthcare professionals face a relentless challenge: administrative overload. Credentialing is a...
Did you know that over 90% of consumers use social media to help make health-related decisions? In...
Operating a private practice can put strain on the practicing physician, as they need to balance...
Maintaining a thriving medical practice hinges on attracting and retaining a steady flow of...
The Physician Self-Referral Law, commonly referred to as the Stark Law, is a federal law passed in...
Social media has become an integrated part of today's world, and it is no surprise that it plays an...
In today’s digital era, we rely heavily on social media platforms for both professional and...
HIPAA compliance represents a cornerstone of privacy and security in the healthcare sector,...
HIPAA compliance is a necessity for both the medical practice and the patient. A HIPAA compliance...
Medical care is necessary to prevent diseases and improve quality of life. With many doctors...
Leave a Comment