HIPAA, SOCIAL MEDIA & THE HEALTHCARE WORKER: SAFEGUARDING PATIENT DATA
Social media is ubiquitous in modern society, with people sharing just about everything with the world, including what they eat, where they went, and what they did at work. For healthcare professionals, social media can create a potential minefield with regard to regulations regarding patient privacy. Nurses, doctors, and other healthcare providers must exercise caution concerning what they share online, as even innocuous-seeming posts can constitute violations of patient rights under HIPAA. Proper training, including nurse education videos regarding social media usage, can help protect patients and professionals alike.
Consider this: Just a few years ago nurses at a North Dakota hospital began using Facebook to provide shift change updates to their co-workers, according to the Journal of the American Health Information Management Association. Facebook made it easy for the nurses to post the information where they could easily see and respond to it. While the nurses did not post the names of patients, they did write about various conditions patients were experiencing to prepare one another for shift changes.
While this may have seemed perfectly innocent, hospital administration didn’t see it that way, banning the practice when they learned of it. According to administrators, the nurses’ posts could have constituted potential breaches of patient confidentiality, putting the hospital at risk. After all, not only could the nurses see the information, so could everyone that they were friends with on the social network.
The North Dakota incident was a best-case scenario, as it did not result in a lawsuit, government fines, or mass firings of employees. Other nurses and health care facilities have not been as lucky. These incidents illustrate the need for healthcare professionals to understand HIPAA and how this law impacts their use of Twitter, Facebook, Instagram, and other social networks.
WHAT IS HIPAA?
The Health Insurance Portability and Accountability Act of 1996 governs a number of issues related to health care, including the security of medical information. This legislation was signed into law by President Bill Clinton in 1996, and most of the privacy regulations were implemented in 2003-2004.
HIPAA is divided into five sections:
HIPAA Title I – This section of the law provides individuals who change employers or lose their jobs with protections regarding their health insurance coverage. It also forbids group health plans from denying coverage to people based on specific diseases or pre-existing health conditions. It also prevents group health plans from establishing lifetime coverage limits.
HIPAA Title II – This section of the law enabled the U.S. Department of Health and Human Services to begin requiring health care organizations to begin using electronic medical records. The law also gave the department the power to establish standards for electronic medical records and electronic health care transactions.
HIPAA Title III – This section of the law relates to tax-related issues involving medical care.
HIPAA Title IV – This part of the law relates to health insurance reform and issues regarding pre-existing conditions and continued coverage.
HIPAA Title V – This section of the law involves company-owned life insurance plans for employees and issues regarding how people who lose their U.S. citizenship are treated regarding income taxes.
With regard to patient privacy, Title II of HIPAA is the most relevant. When most people refer to HIPAA compliance, they are referring to rules established in Title II. Title II requires compliance with a number of standards, including ones for provider identification, medical coding, and privacy and security.
Not complying with HIPAA standards can carry a heavy burden for healthcare providers, as a 2013 update to the law established hefty penalties the government can levy for non-compliance: up to $1.5 million per incident. In addition to these penalties, hospitals are required to notify patients of privacy breaches, and these patients may sue and recover damages from healthcare providers if the offense is sufficiently egregious.
Hospitals and healthcare providers recognize the potential for financial loss and the loss of patient confidence that HIPAA violations can entail. That’s why many institutions have made significant investments in staff training, including seminars, online activities, and nurse education videos for professionals regarding HIPAA and their obligations under the law.
SMART SOCIAL MEDIA POLICIES
According to the Online Journal of Issues in Nursing, complaints concerning inappropriate use of social media by nurses are more common than many might think. A March 2012 survey of about 30 boards of nursing found that 63 percent had received complaints against nurses for inappropriate social media usage. Of those, 64 percent said they had initiated disciplinary action against nurses as a result of these complaints.
Complaints varied, but the most common involved inappropriate posting of patient photos or posting of patient information to Facebook, Twitter, or other social media sites. Disciplinary action taken by the boards of nursing ranged from cautionary letters to suspension.
Industry experts suggest these guidelines for keeping nurses and other healthcare professionals from running afoul of HIPAA:
- Nurses and other healthcare professionals must understand their legal and ethical obligation to maintain patients’ privacy and confidentiality rights in the workplace and on social media.
- Healthcare professionals must avoid transmitting patient information or images that could infringe upon patients’ rights to confidentiality or privacy. This is particularly important regarding information or images that patients may find embarrassing or offensive.
- Healthcare professionals should avoid posting pictures or information regarding patients, even if the patients’ names are kept anonymous, as this information could be used to identify the patients. This includes posting to social media accounts and sharing with friends via text or email.
- Healthcare professionals absolutely must not identify their patients by name on social media or post any information that may lead to identification of a patient. Even limiting access to your posts via privacy settings does not sufficiently ensure safety in the eyes of the law.
- Healthcare professionals should avoid referring to patients in a disparaging manner online, even if they do not identify these patients.
- Taking photos or videos of patients on personal devices like smartphones should be avoided.
- With regard to sharing work-related posts information online, healthcare professionals should consult with their employer.
- Even if patients consent to having pictures or other information about themselves shared online, healthcare professionals should exercise caution. Before posting anything, nurses and other healthcare workers should consult with administration.
- Healthcare workers have an obligation to report breaches of confidentiality or privacy by other employees.
- “Friending” patients on social networking sites may be a violation of the proper boundary between nurses and patients. Nurses and other healthcare professionals should exercise caution in connecting with patients online.
- Nurses and other healthcare professionals should read and understand their organization’s social media policy. It is highly recommended that all healthcare facilities adopt a social media policy.
Good training can go a long way toward helping nurses, doctors, and support workers avoid unintentionally violating patient privacy and confidentiality. Regular training sessions will reinforce the message concerning HIPAA and patients’ rights, and keep healthcare professionals mindful of the need for discretion.
Organizations seeking training materials for healthcare personnel regarding social media and other ethical issues should turn to Medcom. Medcom nursing education videos provide easy-to-understand instruction in a variety of topics relevant to modern medical practice. Based in Southern California, Medcom has more than 1,000 nursing education videos and other instructional materials in its library, enabling the company to provide quality training to healthcare professionals.
Copyright © 2019 Medcom, Inc. All rights reserved.