The Social Observer

The Social Media Marketing Blog by SNHU Students

HIPAA Violations Can Be Avoided with Social Media In Healthcare

HIPAA Violations and Compliance Problems Should Be Avoided in Social Media


HIPAA violations with social media usage are a hot topic. A major concern with the growing use of social media in the healthcare industry is the potential for an accidental HIPAA violation. For those who are unaware, HIPAA stands for the Health Insurance Portability and Accountability Act and was put into place in 1996 by Congress and then-President Bill Clinton. The primary goal of HIPAA is to ensure the privacy and confidentiality of patient health information (PHI), so that healthcare workers do not reveal any information about a patient.

Social media is becoming much more prevalent in today’s healthcare industry. The use of Facebook, Twitter, Google+, LinkedIn and other social media outlets is allowing hospitals, doctors and nurses to communicate with a much broader audience than they were ever able to before. This, however, opens them up to the possibility of accidentally or purposefully violating HIPAA guidelines by what they post online.

HIPAA Violations Guidelines for Social Media:

Below is a short list of Do’s and Don’ts that act as simple guidelines to help avoid HIPAA violations while posting on social media in the healthcare industry.

  • Do talk about treatments and conditions in a general and non-identifying manner.
  • Don’t talk about patients in any way, even in general terms, as the simplest detail can lead to their identification.

It is fine to discuss and answer questions about general conditions and treatments; however, any information that could lead to the patient being identified cannot be posted. Even a post that tries to be nonspecific, such as “I had a 52 year old man come into the emergency room with …”, can cause a HIPAA violation, because someone may know that their neighbor is 52 and went in last night.

  • Do speak to your community in a friendly tone with a caring disposition.
  • Don’t ever “friend” a patient on social media as it could lead to a HIPAA violation.

You want to make a personal connection with your audience to encourage conversation and build trust with them. However, you do not want to become friends with them, as this could lead to discussions becoming too personal and could reveal private information.

  • Do be open and honest about who you are and what you represent.
  • Don’t be anonymous as this can lead to things being said that otherwise should not be.

Transparency is essential to building trust and strong connections with your audience, so your posts should be identified as your own and should make clear that you represent your company. When there is no name behind a social media post, it becomes easy to say things that you would not say if they were easily connected to you.

Examples of HIPAA Violations

The number of HIPAA violations is increasing as social media becomes more prolific in the healthcare industry. There have been many documented cases of employees being reprimanded or even fired due to HIPAA violations.

In some cases the employees may not have realized the severity of simply looking at a patient’s chart that they had no medical reason to view, and in other cases hospital employees were downright flagrant in violating patient confidentiality and felt nothing was wrong with what they did.

Cases range from patients being treated over Twitter, to employees posting pictures of patients without their consent, a doctor asking a patient out on a date, and even a nurse taking a picture of a patient’s chart and posting it on his Facebook page because he thought it was funny.

One more extreme case in Minnesota saw two hospitals firing a total of 32 employees for accessing electronic records of patients without a legitimate reason for doing so. It was a high-profile case involving local teens and a mass overdose, and for this reason an audit was run to see who was looking at the patient files and whether or not they had a legitimate reason.

The Mayo Clinic, which was ranked the #1 most social media friendly hospital in 2013, states that they don’t think their social media policy is that much different from any other company’s. They feel that HIPAA compliance is not only a legal issue but a branding one as well: if someone does not believe that their confidential information is secure, they will go somewhere else.

All it takes is a little bit of training combined with a little bit of common sense to avoid social media HIPAA violations while posting (e.g.  With a little bit of due diligence and double-checking what you say before you say it, you can stay safe on social media and not run into trouble by breaking any HIPAA standards. Research your industry and social media to make informed decisions about your social media presence in healthcare and you will be in good shape.

Know a great app or website to help physicians with HIPAA Compliance? Share!

