Social Media is used by billions of people all across the globe. Many of us use social media to communicate with friends and family, post photos and videos, market products, promote brands, connect to customers and foster new business relationships. When it comes to social media restrictions involving patients in health care, potential risk may expose patient information, breach of data, and violation of patient privacy.
Are you balancing patient privacy through Social Media?
Restricting the privacy of patients’ protected health information (PHI) is one of the most significant concerns related to social media use. In view of the fact that boundaries between appropriate versus inappropriate and personal versus professional use of social media can easily be obscured, managing privacy risks can be challenging. For example, numerous instances have occurred in which healthcare workers have posted pictures of, or confidential information about, patients on professional or personal social media pages without the patients’ consent. Therefore whether intentional or not, the likelihood of exposure and patient privacy rights is increased.
What are the risks?
The risks of sharing too much information on social media platforms can have devastating effects on both healthcare organizations and employees if patient specific information is shared. Healthcare employees should avoid potentially hazardous mistakes while using social media and medical blogs to avoid Health Insurance Portability and Accountability Act (HIPPA) violations altogether.
Common examples of social media HIPAA violations include:
- Posting verbal “gossip” about a patient to unauthorized individuals, even if the name is not disclosed.
- Sharing of photographs, or any form of PHI without written consent from a patient.
- A mistaken belief that posts are private or have been deleted when they are still visible to the public.
- Sharing of seemingly innocent comments or pictures, such as a workplace lunch which happens to have visible patient files underneath.
What can you do to reduce risks?
It has become common practice for people to discuss the events of their day via social media, but for a healthcare provider, doing so maybe illegal. To reduce risk to your organization, you can start by following company policy in accordance with social media and patient privacy. You want take responsibility and use your best judgment to avoid making costly mistakes. If you think twice before you post patient information, you align with HIPAA compliance involving patient data. Patient privacy is vital and should be protected at all times.
Prohibit or set limitations on the photographic use of cellphones and other portable electronic devices as part of organizational policy.
When posting content containing patient identifiable information to the organization’s social media sites, ensure patient consent is obtained. The consent should explicitly state how the information will be used. Have someone who is familiar with HIPAA and state privacy regulations review social media content to ensure information does not violate patient confidentiality.
Be aware that responding to a patient post or review on a social media site might violate HIPAA or state privacy laws.
Understand the technical limitations and terms and conditions of any social media sites that you plan to use. For example, information sent via messaging functions likely is not encrypted, and the site might maintain the right to access any personal information.