By Margaret Scavotto, JD, CHC
mcs@healthcareperformance.com
Privacy Officers are spending more and more time conducting HIPAA breach analyses on employee social media posts. Here’s 5 posts your Privacy Officer really does not want to see:
5. Anything with a photo of a patient. Anything.
The fact that someone is a patient is PHI. Unless that patient signs an authorization allowing their photo to be shared, this is risky territory when it comes to HIPAA and social media. With Instagram, Twitter, Facebook and smart phones, we are living in a world of pictures–and thus a world of potential HIPAA violations at work.
4. The well-meaning breach.
“Happy birthday Millie! I love being your nurse!”
Sadly, posts fueled by the best of intentions can still pose a HIPAA problem. Does Millie want the whole world knowing that she is a patient of this nurse? What if this nurse specializes in a certain illness–in that case, does Millie want the whole world knowing she has that illness?
3. The failed attempt at anonymity.
“Treated a pregnant teen tonight for an overdose. So sad…”
With the incredible connectivity and searchability that the internet brings, it is really hard to keep comments about health care truly anonymous. This is particularly true in smaller communities, and when sensitive facts or treatments are used.
2. The rant.
“Alcoholic hockey players are so grumpy…”
Much like the “anonymous” posts, PHI often leaks out when employees turn to the internet to rant. When patients are discussed–even indirectly–employers often find themselves researching a potential HIPAA breach.
1. The HIPAA problem AND the dignity problem.
“Tired of cranky patients who argue with me over which shirt to wear!”
These types of posts are horrifying not just to your Privacy Officer, but to your Compliance Officer as well. What if this patient, or a relative, saw this post? How would he or she feel about being seen as “cranky”? While this post might seem fairly benign, one can imagine statements with even more serious implications for patient dignity/resident rights.
What can we do?
Help your employees get it right:
- Implement a social media policy.
- Train employees to recognize PHI.
- Use examples. Help your team understand how seemingly innocent posts can violate HIPAA.
- Train some more! Keep HIPAA and social media top of mind.
- Encourage staff to report violations of the policy. This will allow you to research potential breaches and mitigate them swiftly.
Taking on the unstoppable world of social media might seem impossible. But it’s better to help employees use it properly–and know when they aren’t–than to cover our eyes and wait to hear it from the patients (or the media).
[bctt tweet=”The 5 Social Media Posts Your Privacy Officer Fears Most @mpaCompliance ” via=”no”]
Very on point. Great examples.
Excellent post! I am not in health care privacy/compliance, but your examples made me shudder, and your advice was right on.
So of those who are looking into get a clearer perspective on the challenge of PHI and social media sites, are you at least monitoring Internet access to some of the popular sites such as Facebook?
Despite the fact that social media compliance can be taught and health care providers can be assessed and certified to use social media effectively and responsibly, most employers still aren’t willing to invest in training their workforce. They’ll train their marketing people to use social media to promote themselves, but not their rank and file employees, who use social networks every day at work. Until misuse is seen as something to be avoided, instead of just the cost of doing business, privacy officers will continue to work in fear.
Eric, I whole-heartedly agree! This is a missed opportunity. I have seen providers achieve massive improvements in employee social media use with simple–but aggressive–social media education campaigns. It has become essential in this era of a workforce with 800 Facebook friends in their back pocket, and everyone can achieve improvement.
Enlightening article. I’d like to add a sixth point… posting selfies while at work. People can be quite oblivious as to what may be in their background when posting photos.
Comments are closed.