Social Media and HIPAA Compliance

Healthcare, Social Media

Before Social Media platforms like Facebook went live, HIPAA was established to protect the privacy of medical providers and their patients. And although there are no specific rules for Social Media use, every healthcare organization must implement security protocols that adhere to privacy policies.

On April 14, 2003, the “Health Insurance Portability and Accountability Act” (HIPAA) became law with the goal of protecting the privacy of patient medical records, hospitals, doctors, and health plans. The regulations set forth by this legislation allowed patients to freely access their medical records and gave them more control over the disclosure and use of their private health information.

Billions of people consume Social Media content every day, and over 30% of healthcare professionals use the same platforms to build and expand their professional network. There are advantages to utilizing Social Media in the medical field, such as notifications about new services, and interacting with patients. However, there is a possibility that using this platform the wrong way will lead to violations in patient privacy and HIPAA regulations.

What actions on Social Media violate HIPAA rules?

According to HIPAA regulations, a violation or breach is unauthorized use or disclosure under the Privacy Rule which exposes the privacy or security of Protected Health Information (PHI).

Examples of common violations include:

  • Sharing pictures (like a team lunch in the workplace) with patient information visible in the background.
  • Sharing any form of PHI (such as images) without the patient’s written consent.
  • Posting “gossip” about a patient to those who are not concerned, even if the name is not mentioned.

How much do HIPAA violations cost?

People in the healthcare industry cannot treat HIPAA lightly. If an employee were found guilty of violating a HIPAA rule, that person could face a fine between $100 and $1,500,000. Depending on the severity of the violation, the employee might face a 10-year jail sentence, lawsuits, termination from the job, and the loss of medical license.

How can healthcare organizations prevent violations?

It is a good idea to have employees undergo training on HIPAA Security and HIPAA Privacy procedures and policies when they are hired. Topics that should be discussed include workstation use, workstation security, and bringing personal devices into the workplace. These procedures are crucial to making sure that employees comply with HIPAA rules and are protecting patient information, whether it be electronic, written or oral.

Do you work in the healthcare industry and need help managing IT and privacy issues? Feel free to give us a call today!

Published with permission from TechAdvisory.org.

Previous Blogs

Benefits of a Privately Hosted Exchange Server

Benefits of a Privately Hosted Exchange Server

When clients decide that it’s time to retire their aging, on-premise Exchange servers, questions often come up on where to go with their next Exchange server.  With few exceptions, the answer is the cloud due to uptime requirements for email flow and minimal cost...

read more
Data Center Upgrade and Move Announcement

Data Center Upgrade and Move Announcement

Russell Technologies has exciting news to share. We are upgrading and moving our primary data center in St. Louis, moving it from 210 N Tucker to 710 N Tucker. After almost 6 years in 210 N Tucker, this was not a decision that we made easily, but the move gives us...

read more
Security policies for your business

Security policies for your business

Businesses rarely address cybersecurity in their company policies. With cybercrimes becoming more prevalent, it’s important you inform staff about the threats they could be exposed to. Make sure your business and employees are safe with these security policies. Internet In today’s business world, employees spend a lot of time on the internet. To ensure they’re […]

read more