It seems like we can’t go a day without hearing about something on social media. Whether it’s a viral video or President Trump venting, we are more and more reliant on social media for news and entertainment every passing day. We connect with family and friends, we have discussions, we post pictures, and Facebook pages are turning into pseudo online personalities that can be accessed by anyone, anywhere, at any time. That’s why the surge in social media is putting healthcare providers in a difficult position with their employees, because in a day and age when everything is shared online what are the boundaries for people who handle HIPAA protected information every day?
It seems like it would be pretty clear that if you’re a doctor or nurse, you don’t post pictures or information about patients online. For example, if a nurse wanted to share a patient’s story because they were inspired by their courage and they posted a photo with the patient’s name there would be huge consequences. Any nurse worth their salt would know that’s an easy way to get fired and sued. Unfortunately, HIPAA rules are not always that cut and dry. At office parties people like to take pictures and post them on social media, but if they do so at a healthcare providers office and there are medical records in the background then they could face HIPAA fines, or if nurse or doctor shares a patient’s post that has HIPAA protected information in it they are violating HIPAA. Too many people have found out that simply omitting a patient’s name from a post or online discussion isn’t enough to avoid major fines.
There are 18 HIPAA identifiers that if posted online by a nurse or doctor would break privacy rules. There are the obvious ones like name and address, but then there are trickier identifiers like any dates related to the individual and any photographic images, not limited to the face, that could uniquely identify the patient. If you thought those were broad, any characteristic that could uniquely identify the patient is also covered under HIPAA privacy rules. Try to think of a post or comment that wouldn’t qualify under one of these identifiers and you’ll see why it’s so important that nurses and doctors know the fine line they walk with work related social media postings.
Just because social media and HIPAA mix like oil and water doesn’t mean that doctors and nurses can’t use it to for their jobs at all though. At this year’s Health IT Conference (HIMSS17) Kevin Campbell and Michael Rutty discussed the legal boundaries of social media and healthcare. While on one hand, they said that doctors have been cautious of using social media thanks to new precedents of social media being deemed admissible by courts, they also pointed out that doctors can still engage with their patients on social media. That could mean making recommendations to patients without leveraging the patient- doctor relationship or posting in disease specific online support groups. Doctors can even use social media to show potential and current patients their specialties and ongoing education.
Once again though, any time a nurse or doctor posts online they risk mixing their careers with their personal lives. Some doctors work around this by making a profile for friends, family, and one for patients while others avoid friending patients altogether. If you’re a healthcare professional, this is the type of thinking you need to keep HIPAA from raining down on your head. One of the biggest worries of healthcare providers today is hackers compromising medical records, but if you don’t invest time in learning more about HIPAA and social media you could bring yourself down without a hacker even looking your way.