HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians

How to Engage on Social Media with HIPAA in Mind


Social media is a great tool for growing a healthcare business and connecting with patients on a new level. You have the ability to establish expertise, provide education, and create a brand. But social media comes with certain risks for healthcare professionals who are not careful. This is important, as HIPAA violations can have serious consequences.

 

The basic rules of engagement are simple: Don’t post too many times in one day, don’t make every post a self-promotion, and don’t forget to proofread. However, medical professionals must also keep HIPAA — The Health Insurance Portability and Accountability Act — in mind when using social media.

Read our HIPAA guidelines for three tips to avoid privacy violations when building your online presence.

 

Patrol for protected health information protected by HIPAA

HIPAA outlines 18 types of protected health information, or PHI, that could reveal the identity of a patient. If any information you share online includes details that could lead back to a specific patient, you’re violating HIPAA.

 

The information provided in your own social media profile — names, locations, photos, dates — combined with even minimal information from the post could paint a surprisingly clear picture of PHI with minimal detective work. You might think you’ve disguised their identity, but a good rule of thumb is to leave any biographical information out when posting on social networks.

 

Remember to also use a critical eye when it comes to sharing images. Do a quick scan to make sure a patient or their files aren’t visible in the background of a seemingly harmless office snap.

 

If your practice wants to use photography for marketing or educational purposes, ensure you have proper patient consent. Create a form that explicitly states why a photo or video is being taken and retains your rights to the imagery.

Maintain a professional profile

There is a difference between your personal and professional online presence. Although social media platforms can be a great tool for friends to stay in touch, using social media for business requires greater professional distance.

 

And while an increasing number of people are becoming active on social media, you should never post directly to a patient’s profile or tag their account in a post, as this would be a violation of HIPAA laws. A patient might engage with your online presence of their own accord, perhaps through a comment on a Facebook post or a review on your Healthgrades profile.

 

Don’t be afraid to respond; just leave any additional details about the patient or their treatment out.

Create a HIPAA social media strategy for your practice, and stick to it

An online presence is essential to healthcare marketing, even for the busiest doctor. Set yourself up for success by sticking to a consistent schedule and strategy. Create a HIPAA-compliant social media policy for your practice to establish a brand voice and stay safe. If additional help is needed, you can empower your front office staff with greater responsibility.

 

First and foremost, you’ll need to educate your staff on HIPAA. Anything they post will reflect back on you and your practice, so be sure that whoever manages your social media knows how to look out for possible HIPAA violations.

 

You also might consider implementing a social media style guide with HIPAA in mind, which can give direction on the best practices for your content, tone, and branding. For example, you could provide a repository of HIPAA-compliant responses for your staff to reference when engaging with patients.

 

Every social action you take online conveys something about your practice, so be sure you portray a positive image to your patients while also protecting their privacy.

 

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com


Social Media and HIPAA Compliance: What Medical Professionals Should Know 


Social media is fast becoming one of the most impactful marketing channels for medical professionals; however, HIPAA regulations must be taken into account.

More than ever before, medical professionals are using social media every day in both their personal and professional lives. And of course this isn’t a bad thing: physicians, nurses, and other practitioners are in a unique position to engage and educate current patients and others in search of treatment. However, when used incorrectly, social media can be a veritable minefield with regard to HIPAA regulations for patient confidentiality. So in the interest of keeping those tweets flowing, let’s run through four easy ways to maintain compliance with these regulations.

1) Don’t Talk About Patients (Even When it’s Subtle)

HIPAA regulations for patient confidentiality may seem complicated, but they all essentially boil down to one key point: don’t share your patients’ personal information. Few medical professionals would post something as obviously problematic as “John Smith from Cherry Street came in last night with such-and-such medical condition,” but that’s far from the only way to incur a violation. Rather than taking the risk of accidentally broadcasting protected information like specific appointment times and diagnoses, avoid the issue altogether by never referring to an actual case or visit.

That said, medical professionals should absolutely post interesting and relevant information on their professional social media accounts. Just be sure to always keep things in broad terms — talk about specific conditions or treatment options, not specific patients.

2) Don’t Like, Share, Retweet, or Regram Your Patients’ Posts

Even if you don’t share the information yourself, it’s still possible for a physician to breach his or her patient’s confidentiality. One way to do so is by engaging with a specific patient on any social platform. Even if your patient chooses to post his or her medical information in a public forum, sharing this post with your own network could land you in hot water.

The easiest way to avoid this issue is by doing something that’s fairly intuitive: create separate accounts for your professional and personal activities.

3) Don’t Post Pictures of Patients or Their Documentation

When it comes to HIPAA compliance, one key mistake that should always be avoided is posting pictures of real-life patients. Even if you’re celebrating something as meaningful as a patient’s recovery from a serious illness or injury, sharing a photo of their likeness still counts in HIPAA’s eyes as a forbidden personal identifier. Another thing to keep in mind when posting photos from around the office or clinic: a patient’s files can accidentally get caught in the background. Always triple-check that your image is free of any potentially confidential paperwork or other materials.

It may sound easier to rule out photos of your workplace altogether, but warm, engaging imagery bolsters patient trust in your medical brand — in some cases increasing conversion rates by as much as 95%. Just be smart about the photos you share with your network.

4) Don’t Send Confidential Information Through Direct Messages

Switching over to direct messages might seem like an easy loophole in all of the regulations outlined above, as the interface of any social media platform would have you think that such messages are private and confidential. However, doing so would risk violating another one of HIPAA’s major tenets: the Security Rule, which mandates that all electronic protected health information (ePHI) is stored in such a way that it is secure from potential data breaches, leaks, or any other form of unwanted disclosure. Most social media messaging services do not meet HIPAA’s standard for compliance with this rule, and thus they should never be used to share patient data or health records with colleagues or even the patients themselves.

Luckily, a number of medical industry apps — such as DrFirst’s Backline — offer secure messaging platforms that are in compliance with HIPAA’s Security Rule. So keep the sharing away from Twitter DMs and Facebook Messenger and stick to the software and services that guarantee both compliance and conversions.


HIPAA and Social Media: What are the Rules


The use of social media in today’s society continues to grow as more Americans interact through one or more social media platforms. Whether writing a blog article, posting on Facebook or tweeting on Twitter, many users see social media as a primary means to communicate. According to the Pew Research Center, as many as 46% of users “discussed a news issue or event” on a social media platform.

As more healthcare providers use or consider using social media for business purposes, HIPAA plays a more significant role in what can be said in a Facebook post, a tweet or a blog article. There are some clear challenges when it comes to meeting the requirements of the HIPAA Privacy Rule. But those challenges do not need to be obstacles, as long as there is proper guidance on what can or cannot be posted. 

My advice when it comes to the use of social media in a healthcare organization is to have a comprehensive, written policy and procedure. The less discretion the better, meaning there is always structured guidance to follow with little to no wiggle room.

In formulating your organization’s social media policy, start with the 3 W’s: Who, What and Where.  

  • Who – Determine who is permitted to post material on social media on behalf of the organization. Designate a specific person as the organization’s official social media administrator.
  • What – Determine what can be posted. The policy should include how to handle an individual that posts a medical question on a social media platform. As an example, if a patient can ask specific questions about a medical condition on your Facebook page, how does your organization address it? I caution from a possible liability standpoint that it may be inappropriate to respond with advice. A better response would be to ask the individual to contact the office to discuss the specific concern.
  • Where – Determine where and on what platforms posting will occur. The policy must clearly state which social media sites the organization will use.  

Guidelines issued by the AMA on social media say, “Be cognizant of standards of patient privacy and confidentiality. Don't post sensitive patient information online or transmit it without appropriate protection.” The guidelines also say to “maintain the appropriate boundaries of the patient-physician relationship, just as in any other context.” This means following all the applicable standards of the HIPAA Privacy Rule.

Another area of concern is the use of patient testimonials. This is a somewhat newer trend in the healthcare provider marketing strategy. Any patient testimonials used by a healthcare organization must comply with the HIPAA Privacy Rule. A healthcare provider, as a covered entity, must obtain the written authorization of the patient prior to any use or disclosure of the individual’s protected health information for marketing purposes.

In a recent case, a California physical therapy practice paid a settlement of $25,000 to the HHS Office for Civil Rights for a HIPAA privacy violation. There were allegations that the practice posted patient testimonials to its website without legal, HIPAA-compliant authorization. This is not a situation you want to find yourself in.

If your organization embraces social media as a method to market or provide information, have robust policies and procedures in place and follow them. You can be social, but be safe.


Is Your Medical Practice's Social Media Policy Adequate?


By now every physician should be aware of the benefits that can be bestowed upon their practice as a result of social media. Indeed many practices are engaging in one or more social media platforms on a regular basis. Moreover, staff members are most definitely active in social media, and probably use it while at work.

Physicians and practice managers must be smart about training employees on what they should and should not share online. Staff in your practice could incur liability on behalf of your practice as a result of their comments on social media. Because of the confidentiality rules in HIPAA, staff training is important. You should constantly remind employees that they are representatives of the practice.

You should also have some sort of social media policy in place. Here are a few key items your policy should include:

1. Guidelines and expectations. Your policy should set clear expectations for how team members (as representatives of your practice) must conduct themselves online.

Your policy should clearly state that there will be no posting of protected health information (PHI) and that employees are not allowed to use social media in work areas near patients. Be specific in training your employees and inform them to avoid identifying patients in any way on social media — this includes names, unique characteristics, etc.

Some practices do not allow employees to use social media for personal reasons on work time. While that is fine as a policy, it does not circumvent the need to appropriately train your staff. Moreover, it can be hard to police.

It is advisable to discourage team members from engaging with patients on social media. If they do engage patients, they certainly should not be discussing patient-related matters.

Lastly, someone (most likely the practice administrator) should be designated as the spokesperson responsible for answering questions about your practice on social media.

2. Penalties and consequences. Penalties for data breaches increased under the American Recovery and Reinvestment Act, so your policy should make clear to employees the consequences of their actions on social media sites.

An individual claiming he did not know he violated HIPAA is subject to a minimum of $100 per violation. A HIPAA violation due to reasonable cause and not due to willful neglect carries a minimum fine of $1,000 per violation. A HIPAA violation that is due to willful neglect (but corrected in short order) is subject to a minimum of $10,000 per violation. Lastly, a HIPAA violation that is due to willful neglect and not corrected carries a minimum fine of $50,000 per violation. The maximum fine for each of these four categories is $50,000 per violation.

3. Explanations of rules and regulations. The social media policy should outline what is illegal, what is considered confidential information of the practice, and what is protected health information.

It’s not enough to have a social media policy — employers should put in just as much time and effort in training their employees on the ins and outs of the policy. Make it a separate document from the employee handbook.


HIPAA Social Media Rules


HIPAA was enacted several years before social media networks such as Facebook were launched, so there are no specific HIPAA social media rules; however, there are HIPAA laws and standards that apply to social media use by healthcare organizations and their employees. Healthcare organizations must therefore implement a HIPAA social media policy to reduce the risk of privacy violations.

 

There are many benefits to be gained from using social media. Social media channels allow healthcare organizations to interact with patients and get them more involved in their own healthcare. Healthcare organizations can quickly and easily communicate important messages or provide information about new services. Healthcare providers can attract new patients via social media websites. However, there is also considerable potential for HIPAA Rules and patient privacy to be violated on social media networks. So how can healthcare organizations and their employees use social media without violating HIPAA Rules?

HIPAA and Social Media

The first rule of using social media in healthcare is to never disclose protected health information on social media channels. The second rule is to never disclose protected health information on social media (see the definition of protected health information for further information).

 

The HIPAA Privacy Rule prohibits the use of PHI on social media networks. That includes any text about specific patients as well as images or videos that could result in a patient being identified. PHI can only be included in social media posts if a patient has given their consent, in writing, to allow their PHI to be used and then only for the purpose specifically mentioned in the consent form.

Social media channels can be used for posting health tips, details of events, new medical research, bios of staff, and for marketing messages, provided no PHI is included in the posts.

Employees Must be Trained on HIPAA Social Media Rules

In 2017, 71% of all Internet users visited social media websites. The popularity of social media networks combined with the ease of sharing information means HIPAA training should include the use of social media. If employees are not specifically trained on HIPAA social media rules it is highly likely that violations will occur.

Training on HIPAA should be provided before an employee starts working for the company or as soon as is possible following appointment. Refresher training should also be provided at least once a year to ensure HIPAA social media rules are not forgotten.

HIPAA Violations on Social Media

In 2015, ProPublica published the results of an investigation into HIPAA social media violations by nurses and care home workers. The investigation primarily centered on photographs and videos of patients in compromising positions and patients being abused.

 

In some cases, images and videos were widely shared, in others photographs and videos were shared in private groups. ProPublica uncovered 47 HIPAA violations on social media since 2012, although there were undoubtedly many more that were not discovered and were never reported.

 

In most cases, the HIPAA violations on social media resulted in disciplinary action against the employees concerned. There were several terminations for violations of patient privacy, and in some cases, the violations resulted in criminal charges. A nursing assistant who shared a video of a patient in underwear on Snapchat was fired and served 30 days in jail.

 

It is not only employees that can be punished for violating HIPAA Rules. There are also severe penalties for HIPAA violations for healthcare providers.

Common Social Media HIPAA Violations

  • Posting of images and videos of patients without written consent
  • Posting of gossip about patients
  • Posting of any information that could allow an individual to be identified
  • Sharing of photographs or images taken inside a healthcare facility in which patients or PHI are visible
  • Sharing of photos, videos, or text on social media platforms within a private group

HIPAA Social Media Guidelines

Listed below are some basic HIPAA social media guidelines to follow in your organization, together with links to further information to help ensure compliance with HIPAA Rules.

  • Develop clear policies covering social media use and ensure all employees are aware of how HIPAA relates to social media platforms
  • Train all staff on acceptable social media use as part of HIPAA training and conduct refresher training sessions annually
  • Provide examples to staff on what is acceptable – and what is not – to improve understanding
  • Communicate the possible penalties for social media HIPAA violations – termination, loss of license, and criminal penalties
  • Ensure all new uses of social media sites are approved by your compliance department
  • Review and update your policies on social media annually
  • Develop policies and procedures on use of social media for marketing, including standardizing how marketing takes place on social media accounts
  • Develop a policy that requires personal and corporate accounts to be totally separated
  • Create a policy that requires all social media posts to be approved by your legal or compliance department prior to posting
  • Monitor your organization’s social media accounts and communications and implement controls that can flag potential HIPAA violations
  • Maintain a record of social media posts using your organization’s official accounts that preserves posts, edits, and the format of social media messages
  • Do not enter into social media discussions with patients who have disclosed PHI on social media
  • Encourage staff to report any potential HIPAA violations
  • Ensure social media accounts are included in your organization’s risk assessments
  • Ensure appropriate access controls are in place to prevent unauthorized use of corporate social media accounts
  • Moderate all comments on social media platforms

 

The Department of Health and Human Services’ Office for Civil Rights has issued guidance on HIPAA social media regulations, detailing the specific aspects of HIPAA that apply to social media networks. A HIPAA compliance checklist for social media can be viewed on the HHS website.


How to Stay HIPAA Compliant When Using Social Media for Healthcare 


Despite regulations surrounding the use of social media within the healthcare industry, there are enormous gains to be made from utilizing social media, from increasing patient engagement to acquiring new patients. Here, we look at why the role of social media is growing in healthcare, and how to make the most of this channel within healthcare internet marketing while still ensuring HIPAA compliance.

Healthcare Social Media Perks

Research data repeatedly indicate that patient outcomes improve when patients are involved and engaged in their own healthcare. Social media acts as the conduit that enables the patient-doctor relationship to extend beyond the traditional face-to-face consultations. When physicians actively engage on social media, they have an additional opportunity to connect with patients and impact their daily choices.

Meanwhile, blogging is both an effective marketing tool for doctors and a valuable source of information for patients looking to learn more about your healthcare organization or seeking health tips for specific conditions. And it’s not just the young, tech-savvy generations that can be reached on social media; one of the fastest growing demographics engaging in social media is the 55-65 year age group.

In addition, social media is an ideal platform for connecting professionally with colleagues and industry peers. It is a great place to debate, express opinions, share information and experiences, and build referral networks.

The diversity of social media platforms and post types – including simple text, article shares, images, and videos – enables a new level of connection between the public, patients, and healthcare professionals. However, while social media continues to grow in importance in healthcare marketing, the challenges associated with non-compliance with HIPAA rules and regulations continue to increase.

Social Media HIPAA Compliance Concerns

To ensure HIPAA compliance on social media, it’s important to keep several key issues in mind.

Protected Health Information (PHI): The main compliance issue facing physicians is patient privacy. Physicians must be aware of both HIPAA and state laws with regard to the disclosure of patients’ PHI through social media. Even an inadvertent disclosure of PHI, including visual elements like photos or videos, can result in fines and other penalties. To satisfactorily manage this, healthcare organizations should provide HIPAA training to social media managers and conduct compliance checks. Healthcare organizations must also be prepared to present all electronic communications on demand, should an audit or lawsuit require it.

Medical Advice: Providing medical advice via social media should be treated with extreme caution due to licensing laws. If a patient is located in a state where the doctor is not licensed, the doctor risks liability under state licensing laws.

Tips for HIPAA Compliant Social Media

We recommend you have the following in place before going full-steam ahead on social media:

  • Create a Social Media Working Group to discuss any potential concerns about implementing a social media strategy. The group should include representatives from various parts of the organization.
  • Ensure a thorough understanding of the HIPAA patient privacy regulations and how they pertain to your healthcare organization’s social media accounts.
  • Create an employee use policy for social media and clearly communicate it to all staff.
  • Educate and train staff on the use of social media – plus how not to use it – with real life examples.
  • Create a realistic content strategy that specifies both the frequency and types of social media posts to reduce the likelihood of breaches.
  • Develop a process with the Legal and Compliance departments to approve content prior to being posted.
  • Monitor social media communications with technology controls that flag any words or phrases that may indicate HIPAA non-compliance, so that they can be reviewed before posting.
  • Capture and save records that preserve the format of social communications, including edits and deletions.
  • Archive electronic records so that they can be found, in accordance with federal and state recordkeeping rules.
  • Develop metrics to measure the effectiveness of social media programs.

HIPAA in the social media era


In today's social media-obsessed world, employers must understand the implications that social media may have on their HIPAA compliance strategies. A HIPAA breach could result from something as innocuous as a Facebook post.


Think your employees know better than to post Protected Health Information ("PHI") online for all the world to see? Think again.

In recent years, several potential HIPAA violations have occurred through employees' use of social media. For example, one hospital employee posted on his Facebook wall a patient's picture and chart, along with his comments on her condition, because "it was only Facebook" and therefore "not reality." He thought it was "funny."

Other recent incidents of similar behavior include emergency room personnel posting pictures to the Internet of a man's fatal knife wounds, and hospital employees posting pictures of patient X-rays.


Perhaps these are extreme examples, but HIPAA breaches can be more subtle. In one California case, five nurses were fired after management discovered that they were using Facebook to provide shift change updates to their coworkers. They did not use patient names, but did post enough specific information about the patients that the incoming nurses could prepare for their shift. Although these disclosures were likely made with the best of intentions, they were plainly HIPAA violations.


Since violations associated with the use of social media are relatively new, the Department of Health and Human Services has yet to issue formal guidance on these matters, but there is little doubt we will learn more about its strategy for handling the increasing number of such incidents.


Social media is clearly here to stay, so what is an employer to do? The answer: training. Although HIPAA regulations already require all "covered entities" to provide employees with HIPAA training, employers should ensure that their training programs include information specifically related to social media usage. In fact, due to the increasing risk of HIPAA violations through social media, it may be appropriate to draft a separate social media policy to disseminate to employees in addition to general HIPAA training.


Comprehensive HIPAA training along with a clear, well-defined social media policy, emphasizing compliance responsibilities during both work and non-work hours, is an employer's most effective weapon against HIPAA liability for employee misuse of social networking sites. To maximize effectiveness, be sure to include specific examples of the kinds of statements an employee might make on social networking sites that could run afoul of HIPAA and emphasize how even small, seemingly trivial disclosures can constitute HIPAA privacy rule violations.


Ashley Trotto is an associate attorney at Kennerly, Montgomery & Finley, where she focuses her practice on employee benefits and related issues. This column is provided through the Knoxville Bar Association, (www.knoxbar.org), a nonprofit corporation that offers continuing legal education and service to the community through free programs such as the Lawyer Referral & Information Service, speakers bureau and law-related education programs.

