The posting of any PHI, without patient authorization, on social media may constitute a HIPAA violation. This includes any text, image, video, or other media identifying the individual as a patient of the practice as well as any media in which patients of a practice or PHI are visible.
HIPAA and Social Media
The HIPAA Privacy Rule prohibits the disclosure of ePHI on social media networks without the express consent of patients. This includes any text about specific patients as well as images or videos that could result in a patient being identified.
What is one reason that social media increases the risk for HIPAA violations?
Privacy settings don’t protect information. You notice that Mark, a colleague of yours, posted protected health information to his social media site.
Breaches of Patient Privacy
Concerns regarding the use of social media by HCPs frequently center on the potential for negative repercussions resulting from the breach of patient confidentiality. Such infractions may expose HCPs and health care entities to liability under federal HIPAA and state privacy laws.
Common examples of social media HIPAA compliance violations include:
Posting verbal “gossip” about a patient to unauthorized individuals, even if the name is not disclosed. Sharing of photographs, or any form of PHI without written consent from a patient.
What happens if a doctor violates HIPAA?
The minimum fine for willful violations of HIPAA Rules is $50,000. The maximum criminal penalty for a HIPAA violation by an individual is $250,000. Restitution may also need to be paid to the victims. In addition to the financial penalty, a jail term is likely for a criminal violation of HIPAA Rules.
How often is HIPAA violated?
In 2018, healthcare data breaches of 500 or more records were being reported at a rate of around 1 per day. In December 2020, that rate had doubled. The average number of breaches per day for 2020 was 1.76.
Social media use by patients was found to affect the healthcare professional and patient relationship, by leading to more equal communication between the patient and healthcare professional, increased switching of doctors, harmonious relationships, and suboptimal interaction between the patient and healthcare …
Although social media offers many benefits, inappropriate use can create legal problems for nurses, including job termination, malpractice claims, and disciplinary action from boards of nursing (BON), which could negatively impact their nursing license and career.
Where is HIPAA applicable?
Doctors, dentists, hospitals, nursing homes, pharmacies, urgent care clinics, and other entities that provide health care in exchange for payment are examples of providers. Health care providers must comply with HIPAA only if they transmit health information electronically in connection with covered transactions.
What are examples of HIPAA violations?
- Stolen/lost laptop.
- Stolen/lost smart phone.
- Stolen/lost USB device.
- Malware incident.
- Ransomware attack.
- Hacking.
- Business associate breach.
- EHR breach.
Is Facebook HIPAA compliant?
Conclusion: Facebook is not HIPAA compliant because it will not sign a BAA. However, covered entities can use it, as long as they do not share any PHI.
What is minimum necessary?
Minimum Necessary is the process that is defined in the HIPAA regulations: When using or disclosing protected health information or when requesting protected health information from another covered entity, a covered entity must make reasonable efforts to limit protected health information to the minimum necessary to …
When used cautiously, social media can provide the obvious advantages such as professional networking, clinical education, and patients’ health promotion. However, when used unwisely, social media has its disadvantages such as violation of patients’ confidentiality and privacy and can lead to formidable consequences.
HIPAA compliance is one of the biggest challenges of social media in healthcare. Healthcare professionals are leery of entering into the social media fray for fear that they will compromise patient privacy, either through what they post or by exposing their networks to viruses or hacking.
- Mainstream social media platforms like Facebook, Twitter, Instagram and LinkedIn are best for private practitioners looking to market their practice. …
- Exclusive doctor networks like SERMO, Doximity and Daily Rounds are best for learning, community engagement and professional networking.