HIPAA Compliance for Medical Practices
77.8K views | +18 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

HIPAA Social Media Rules

HIPAA Social Media Rules | HIPAA Compliance for Medical Practices | Scoop.it

HIPAA was enacted several years before social media networks such as Facebook were launched, so there are no specific HIPAA social media rules; however, there are HIPAA laws and standards that apply to social media use by healthcare organizations and their employees. Healthcare organizations must therefore implement a HIPAA social media policy to reduce the risk of privacy violations.

 

There are many benefits to be gained from using social media. Social media channels allow healthcare organizations to interact with patients and get them more involved in their own healthcare. Healthcare organizations can quickly and easily communicate important messages or provide information about new services. Healthcare providers can attract new patients via social media websites. However, there is also considerable potential for HIPAA Rules and patient privacy to be violated on social media networks. So how can healthcare organizations and their employees use social media without violating HIPAA Rules?

HIPAA and Social Media

The first rule of using social media in healthcare is to never disclose protected health information on social media channels. The second rule is to never disclose protected health information on social media. (see the definition of protected health information for further information).

 

The HIPAA Privacy Rule prohibits the use of PHI on social media networks. That includes any text about specific patients as well as images or videos that could result in a patient being identified. PHI can only be included in social media posts if a patient has given their consent, in writing, to allow their PHI to be used and then only for the purpose specifically mentioned in the consent form.

Social media channels can be used for posting health tips, details of events, new medical research, bios of staff, and for marketing messages, provided no PHI is included in the posts.

Employees Must be Trained on HIPAA Social Media Rules

In 2017, 71% of all Internet users visited social media websites. The popularity of social media networks combined with the ease of sharing information means HIPAA training should include the use of social media. If employees are not specifically trained on HIPAA social media rules it is highly likely that violations will occur.

Training on HIPAA should be provided before an employee starts working for the company or as soon as is possible following appointment. Refresher training should also be provided at least once a year to ensure HIPAA social media rules are not forgotten.

HIPAA Violations on Social Media

In 2015, ProPublica published the results of an investigation into HIPAA social media violations by nurses and care home workers. The investigation primarily centered on photographs and videos of patients in compromising positions and patients being abused.

 

In some cases, images and videos were widely shared, in others photographs and videos were shared in private groups. ProPublica uncovered 47 HIPAA violations on social media since 2012, although there were undoubtedly many more that were not discovered and were never reported.

 

In most cases, the HIPAA violations on social media resulted in disciplinary action against the employees concerned, there were several terminations for violations of patient privacy, and in some cases, the violations resulted in criminal charges. A nursing assistant who shared a video of a patient in underwear on Snapchat was fired and served 30 days in jail.

 

It is not only employees that can be punished for violating HIPAA Rules. There are also severe penalties for HIPAA violations for healthcare providers.

Common Social Media HIPAA Violations

  • Posting of images and videos of patients without written consent
  • Posting of gossip about patients
  • Posting of any information that could allow an individual to be identified
  • Sharing of photographs or images taken inside a healthcare facility in which patients or PHI are visible
  • Sharing of photos, videos, or text on social media platforms within a private group

HIPAA Social Media Guidelines

Listed below are some basic HIPAA social media guidelines to follow in your organization, together with links to further information to help ensure compliance with HIPAA Rules.

  • Develop clear policies covering social media use and ensure all employees are aware of how HIPAA relates to social media platforms
  • Train all staff on acceptable social media use as part of HIPAA training and conduct refresher training sessions annually
  • Provide examples to staff on what is acceptable – and what is not – to improve understanding
  • Communicate the possible penalties for social media HIPAA violations – termination, loss of license, and criminal penalties
  • Ensure all new uses of social media sites are approved by your compliance department
  • Review and update your policies on social media annually
  • Develop policies and procedures on use of social media for marketing, including standardizing how marketing takes place on social media accounts
  • Develop a policy that requires personal and corporate accounts to be totally separated
  • Create a policy that requires all social media posts to be approved by your legal or compliance department prior to posting
  • Monitor your organization’s social media accounts and communications and implement controls that can flag potential HIPAA violations
  • Maintain a record of social media posts using your organization’s official accounts that preserves posts, edits, and the format of social media messages
  • Do not enter into social media discussions with patients who have disclosed PHI on social media.
  • Encourage staff to report any potential HIPAA violations
  • Ensure social media accounts are included in your organization’s risk assessments
  • Ensure appropriate access controls are in place to prevent unauthorized use of corporate social media accounts
  • Moderate all comments on social media platforms

 

The Department of Health and Human Services’ Office for Civil Rights has issued guidance on HIPAA social media regulations, detailing the specific aspects of HIPAA that apply to social media networks. A HIPAA compliance checklist for social media can be viewed on the HHS website.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
Gabe Maxwell's comment, September 26, 6:56 PM
<a href="https://getmedicalmarijuanaonline.com/product/buy-gushers-online/">Buy Gushers</a>
<a href="https://getmedicalmarijuanaonline.com/product/special-blend-10g-oral-applicator-3-pack/">Buy 10g Oral Applicator</a>
<a href="https://getmedicalmarijuanaonline.com/product/green-label-15g-oral-applicator-6-pack/">Buy 15g Oral Applicator</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-moonrocks-now/">Buy Moonrocks</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-nyc-diesel/">Buy Nyc Diesel</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-lemon-kush/">Buy Lemon Kush</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-zkittlez/">Buy Zkittlez</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-purple-kush/">Buy Purple Kush</a>

<a href="https://getmedicalmarijuanaonline.com/product/buy-gelato-33/
">Buy Gelato</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-mango-kush/
">Buy Mango Kush</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-fire-og-kush/
">Buy Fire Og</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-death-star/
">Buy Death Star</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-green-crack-buy-green-crack-online/
">Buy Green Crack</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-grapefruit-kush/
">Buy Grapefruit kush</a>
<a href="https://getmedicalmarijuanaonline.com/product/ghost-train-haze/
">Buy Ghost Train Haze</a>

<a href="https://getmedicalmarijuanaonline.com/product/chocolope/
">Buy Chocolope</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-banana-kush/
">Buy Banana Kush</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-headband/
">Buy Headband</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-golden-goat/
">Buy Golden Goat</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-orange-kush/
">Buy Orange Kush</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-northern-lights-2/
">Buy Northern Lights</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-grape-ape/
">Buy Grape Ape</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-agent-orange-buy-agent-orange-online/
">Buy Agent Orange</a>
<a href="https://getmedicalmarijuanaonline.com/product/buy-blueberry-kush-online/">Buy Blueberry Kush</a>
Scoop.it!

Why We Should Kill the Social Security Number

Why We Should Kill the Social Security Number | HIPAA Compliance for Medical Practices | Scoop.it

While tax season is still producing eye twitches around the nation, it’s time to face the music about tax-related identity theft. Experts project the 2014 tax year will be a bad one. The Anthem breach alone exposed 80 million Social Security numbers, and then was quickly followed by the Premera breach that exposed yet another 11 million Americans’ SSNs. The question now: Why are we still using Social Security numbers to identify taxpayers?

From April 2011 through the fourth quarter of 2014, the IRS stopped 19 million suspicious tax returns and protected more than $63 billion in fraudulent refunds. Still, $5.8 billion in tax refunds were paid out to fraudsters. That is the equivalent of Chad’s national GDP, and it’s expected to get worse. How much worse? In 2012, the Treasury Inspector General for Tax Administration projected that fraudsters would net $26 billion into 2017.

While e-filing and a lackluster IRS fraud screening process are the openings that thieves exploited, and continue to exploit, the IRS has improved its thief-nabbing game. It now catches a lot more fraud before the fact. This is so much the case that many fraudsters migrated to state taxes this most recent filing season because they stood a better chance of slipping fraudulent returns through undetected. Intuit even had to temporarily shut down e-filing in several states earlier this year for this reason. While the above issues are both real and really difficult to solve, the IRS would have fewer tax fraud problems if it kicked its addiction to Social Security numbers and found a new way for taxpayers to identify themselves.

Naysayers will point to the need for better data practices. Tax-related fraud wouldn’t be a problem either if our data were more secure. Certainly this is true. But given the non-stop parade of mega-breaches, it also seems reasonable to say that ship has sailed. No one’s data is safe.

Identity thieves are so successful when it comes to stealing tax refunds (and all stripe of unclaimed cash and credit) because stolen Social Security numbers are so plentiful. Whether they are purchased on the dark web where the quarry of many a data breach is sold to all-comers or they are phished by clever email scamsdoesn’t really matter.

In a widely publicized 2009 study, researchers from Carnegie Mellon had an astonishingly high success rate in figuring out the first five digits for Social Security numbers, especially ones assigned after 1988, when they applied an algorithm to names from the Death Master File. (The Social Security Administration changed the way they assigned SSNs in 2011.) In smaller states where patterns were easier to discern the success rate was astonishing -- 90 percent in Vermont. Why? Because SSNs were not designed to be secure identifiers.


more...
No comment yet.