HIPAA Guidelines and Social Media: Guidelines for Healthcare Providers and Employees

For those in the medical field, social networking can be dangerous. A solid rule of thumb is to keep your personal and professional lives apart and to avoid posting anything related to your job or work-related on social media.

If your post is about your job, there is a good likelihood that you will reveal personal health information (PHI), whether through text or images.

Every organization, covered entity, and business associate must adhere to HIPAA guidelines even when sharing any information on social media.

In order to guarantee complete secrecy, the Health Insurance Portability and Accountability Act (HIPAA), passed in 1996, aims to protect patient privacy and health information.

This law was in place long before social media, but it undoubtedly affects what medical institutions may and cannot communicate online.

Violators of the HIPAA social media rules risk severe repercussions, such as a fine or possibly the revocation of their license.

Because of this, maintaining HIPAA compliance on social media is essential for both the organization and the patients.

According to HIPAA, all PHI must be kept off social media sites unless the patient has specifically given their consent.

Common Violations

One of the frequent HIPAA violations at URMC and Affiliates is the disclosure of PHI over social media.

Some of these involve pictures, such as “selfies” with patient records or computer screens in the background or pictures of patients taken without their consent.

They go against several affiliates’ photography policies in addition to HIPAA regulations. Other posts discuss specific incidents or the workday in general.

Many are self-initiated, while others react to other people’s posts.

Members of the care team are not allowed to publicly recognize their involvement in the patient’s treatment or make any other comments regarding the patient’s condition, even if someone else, such as a patient or patient representative, has done so. This is because doing so will invariably reveal PHI.

“Real World” Examples of HIPAA Violations on Social Media:

Posting a video of a patient singing a Christmas hymn on Snapchat without permission

Tweeting that the soccer player who collapsed on the field and made the news is undergoing surgery

Informing your Facebook friends in private messages that patient Jones is psychotic.

Notifying pals through text that a patient you saw last night at a restaurant has just arrived.

Similar Posts