Online privacy and security are important issues for healthcare providers, especially on the new social web. Updating our status on Facebook, Twitter, Snapchat, Instagram and other social media sites has become part of our work lives; however, we must take the HIPAA rules into consideration. Social media can be an effective and valuable tool if used wisely. It’s not as complicated as you think. In fact, it is fairly easy if we take these guidelines into consideration before we use social media as a forum to communicate information:
- The Health Insurance Portability and Accountability Act (HIPAA) requires that a patient’s identity and personal information be protected – it’s the law.
- The HIPAA rules and the patients’ right to privacy apply on social media.
- Protected Health Information (PHI) in any form (paper, oral, digital) must be protected at all times. This includes social security number, date of birth, and photo or video images. These are all PHI identifiers.
- A patient’s name, photo or video image, type of service or any other information that could possibly identify the patient or the services they received should not be posted on social media.
- Employees should use their social media accounts for personal use only.
- All patients must sign a consent form to acknowledge release of their information (for company use only). PHI should not be released without the patient’s authorization.
In many cases, employees have good intentions when they post information on social media; however, inadvertently releasing PHI is a HIPAA violation.
- PHI is confidential and should not be discussed, posted or shared in any format, including social media, outside of company premises.
- Privacy is a patient’s expectation and right.
- It is our duty to safeguard patient information at all times and treat patients with dignity and respect.
- Never share patients’ confidential information on social media.

Additionally, please take some time to review our company policies that address these concerns:
- HR-1300 – Social Media Policy
- HR-1260 – Employee Information Confidentiality Policy
- HR-1120 – Bring Your Own Device (BYOD) Policy