4 Ways to Avoid Social Media Privacy Pitfalls in Healthcare

Nothing online can ever be truly deleted. Snapchat, the app based on disappearing clips and photos, now has a feature called “memories” which allows users to save snaps. As if we needed more proof that there is no guarantee of privacy online—especially with social media.

The landscape of social media is fast-changing and the law is sometimes one step behind. A recent case in Iowa involved a nursing home worker who took and shared demeaning photos of an elderly resident. Following examination of Iowa Code 235E, State officials ruled that sexual exploitation did not occur because the photo did not show the resident’s prohibited body parts, however, the nursing home still fired the employee. The issue of social media exploitation in nursing homes reached a U.S. Senator, who reached out to the Office for Civil Rights inquiring about the protections afforded to elderly residents of nursing homes with respect to photos and videos in social media. The Office for Civil Rights could take action in these cases under HIPAA, but to date it has not done so. The Office for Civil Rights is in the process of issuing its own guidance on social media, although such guidance has yet to be released.

With the likelihood of social media being used in your workplace and evolving enforcement of privacy laws, what are some steps your hospital or medical practice can take to guard against disclosure of patient information in social media?

  1. Have a plan. Take stock of your current HIPAA and patient privacy policy and make clear rules for social media conduct. There should also be clear penalties for violating these rules, even if no privacy breach occurs.
  2. Inform staff. Just as you explain to employees the rules about dress codes and timecard procedures, you should also make sure all employees – new and existing – are aware of your hospital or medical practice’s expectations around social media.
  3. Establish protected reporting. Make it easy for employees to identify misconduct or breaches related to social media and report them in accordance with your policies.
  4. Train and monitor. Conduct annual HIPAA training for your employees that includes social media, and make sure to keep records of this training in case of an audit.

Are you looking for a cost-effective way to ensure your practice meets its HIPAA training requirement? Learn more about Availity’s on-demand, online training courses.

The information in this article is for general information purposes only and is not intended to be, and should not be interpreted to be, legal advice.