4 Tips to Steer Clear of Social Media HIPAA Slip-Ups

social-media-hipaa

Facebook is ideal for grumpy cat videos, pictures of your recent chicken-lime-bacon culinary experiment, and praise for your favorite Journey lyric. It is not, however, the appropriate place for your staff to voice frustrations with an unruly patient. 

While services like Facebook and Twitter often benefit physicians as a medium to educating current and attracting new patients, social media also blurs the lines between our public and private lives – especially since much of what you do online isn’t very private at all. 

This can result in issues for a number of providers, who are encountering problems keeping protected health information (PHI) from spilling onto the Internet. 

The issue has become so prevalent that HHS released a warning to physicians to be mindful of their social media use. So, since social media is yet another conduit for HIPAA violations, it’s important for practices to be aware of the possible pitfalls of online networking. 

The following tips will help keep you from falling victim to HHS scrutiny and possible HIPAA penalties. 

Don’t talk about patients, even in general terms. Any sort of unauthorized public disclosure of a patient’s health information is considered a serious breach of HIPAA standards and warrants an HHS inquiry. 

Don’t mix your personal and business profiles. Facebook allows you to create two types of pages: business and personal. It’s key to draw a clear line between your personal and professional pages, so use Facebook’s business services for your medical practice.

Don’t vent your frustrations online. This is a surefire way to get in trouble. The biggest violation in HIPAA history occurred on Facebook, when hundreds of Chicago-based medical workers created a group titled “Did you know this alcoholic Indian?” 

In it, they posted images and stories of a well-known homeless man, who frequented area hospitals. This led to a serious HHS investigation into the matter. Thus, take a moment to consider any and all HIPAA implications before posting anything. 

Don’t send private messages that contain PHI. Facebook messages aren’t encrypted in any way, and therefore fall under direct violation of HIPAA standards. A better alternative for sending private messages is to use an EHR equipped with a patient portal that allows you to send patients secure messages. 

“Health care professionals have been cautiously approaching social media, and as they become more comfortable, they are more and more often using it,” said Christina Beach Thielst, author of Social Media in Healthcare: Connect, Communicate, Collaborate.

[do action=”separators”/]As people become more comfortable, the need for clarifying appropriate usage becomes more evident. Thielst recommends healthcare organizations develop well thought out policies that fit with their office culture and the expectations set for employees. 

It’s a good idea to implement policies or distribute handbooks that explain proper use of social networking to staff. Employees must be aware of the importance of HIPAA and its implications on social media. 

Want to know why EHRs equipped with patient portals are a better way of communicating with patients? Register for Rosemarie Nelson’s upcoming 7 Must-Have Features of an Effective EHR Solution webinar. 

7-must-have-ehr-features