If you work in healthcare, it’s likely you are using social media in some way, shape or form. Healthcare organizations and medical practices utilize social media to engage with patients and consumers. Physicians and nurses research medical information through the internet and social media platforms. Hospitals use social media to supply patient information, announce news and events, further public relations and promote health.
Social media helps healthcare entities communicate with patients and relay vital health information. However, due to the high-risk nature of social media platforms, it also comes with exponential risks that can lead to HIPAA violations. In fact, social media is one of the main avenues where breaches of protected health information (PHI) occur for healthcare organizations, which is why training employees on social media & HIPAA is essential to protecting your practice or your organization from potential violations and fines.
The HIPAA Privacy Rule prohibits the use of personal health information (PHI) on social media. This includes posts or texts about patients and images or videos that may result in a patient being identified. Some of the most common social media HIPAA violations include:
- Healthcare workers posting images or videos without a patient’s consent
- Posting photographs from inside a healthcare facility where a patient could be identified
- Sending pictures, videos or text to a private social media group
There are severe consequences and hefty penalties for healthcare organizations or employees that violate HIPAA, which is why all workers must be trained on HIPAA social media rules. Healthcare organizations must also implement a HIPAA social media policy to reduce the risk of privacy violations. Two recent examples of HIPAA social media violations that have resulted in disciplinary action against the offenders include:
- In October 2019, a dental practice was fined $10,000 for impermissibly disclosing PHI on a social media review site.
- In January 2016, a nursing assistant was fired from her job and sentenced to 30 days in jail for posting a video of a patient online.
Keep in mind:
PHI can only be included on social media if a patient has given their consent, in writing, to allow their PHI to be used and then only for the purpose written in the consent form.
For more information:
For questions regarding HIPAA social media requirements or social media training, contact the experts at MedSafe for a free consultation. MedSafe is the nation’s leading one-stop resource for outsourced regulatory compliance solutions in healthcare.
Toll-free: (888) MED-SAFE