Healthcare News & Insights

How to avoid HIPAA violations while using social media

For healthcare professionals, exercising a certain level of care can prevent most HIPAA violations on social media. Taking care not to divulge personal information or health details about patients is a big step in the right direction. Keeping an eye out for less obvious violations is also important. In this guest post, Melanie Purkis, product leader of a web hosting company, will explain how to do it.

________________________________________________________

Social media is a blessing and a curse. But it can be a career-ending violation of HIPAA compliance for those in the healthcare field who aren’t paying attention. It makes sense that both doctors and patients flock to social media sites to consume content.

For patients, social media is a gateway to vast sources of education and health-related information. According to Deloitte, consumer use of social media for health purposes has been on the rise.

Doctors and nurses, on the other hand, are getting more comfortable tapping into social media as a marketing tool and using it to spread general information related to health care. While consumers or patients are free to post about their own health status as they please, the question around what healthcare professionals can post is much murkier.

Don’t talk about patients!

Most physicians know better than to post something like “Saw John Smith at 7 p.m. last night as part of his treatment for prostate cancer,” but many aren’t aware that even vague references can be a violation.

You may think you’re being sly by using general terms to describe a patient or health-related scenario (e.g., “Saw a 50-year old male last night for prostate cancer treatments”); however, those nuggets of information are enough for people to put the puzzle pieces together. It’s a puzzle that can land you in a lot of hot water.

While patient anonymity is required, it’s nearly impossible to do on social media, even in the most general terms. The risk that people will sleuth their way through the details is enough that doctors should avoid it.

Alternatively, you can talk in general terms about treatments, research, and conditions. Sharing information on how certain conditions present with specific symptoms is OK, if you’re not describing a specific patient. For example, it would be alright to say: “Women with x condition generally present with these symptoms …”

Review before posting

Many HIPAA violations on social media happen by accident. It may be as simple as accidentally sharing a photograph of a seemingly innocuous event (a workplace ice cream social) where patient files are visible in the background. Or it could be bad judgment in posting gossip about a patient, even if their full name isn’t disclosed. Even sharing a photograph or other personal health information of a patient without their express consent is a violation.

It can be helpful to review any images before you post them to social media sites. Be sure that there aren’t any accidental (or intentional) unauthorized photos, files, or other information lingering in the background of the photo.

Check before posting

What goes up doesn’t necessarily have to come down … all the way. In other words:

  • Once something is posted on the internet, assume that it will live there in some way, shape or form forever
  • Don’t ever assume the information you post is private, and
  • Don’t assume that deleting a post will clear you from a HIPAA violation. There’s a good chance that someone may have taken a screenshot of the post or otherwise captured it.

Secure your data

Another way to secure your customer data is to make sure you establish a physical firewall device on your systems to protect customer data from outside business networks. Your firewall can also block social media access entirely. Other security measures that are essential for compliance are web servers that have a separate database server, remote VPN, a data center that is separate from your office space, locked server cabinets and more.

Exercising a certain level of care can prevent most HIPAA violations on social media. Taking care not to divulge personal information or health details about patients is a big step in the right direction. Keeping an eye out for less obvious violations is also important.

Melanie Purkis is the product leader for Liquid Web’s managed hosting products & services, including HIPAA Compliant SolutionsMelanie has 23 years of experience with professional leadership in the IT and web hosting industries.

 

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.

Speak Your Mind

*

css.php