Topics on this page:
In 2018, a Texas nurse published a post on her personal Facebook account about a case of a young boy who was battling measles at her hospital. Though she didn’t actually name the patient, she did provide descriptive information about him, and her Facebook profile also listed her job title and the name of the hospital where she worked. On top of all that, there hadn’t been many cases of measles in this particular city; in fact, there’d been fewer than 10 cases in 10 years. For these reasons, hospital administrators were concerned that the boy could be identified from the nurse’s posts, so they eventually decided to fire her.
In August 2022, a patient in Georgia became aware that a video of her giving birth was circulating on Snapchat. This jogged the patient’s memory that while in her hospital room a nurse had entered with a phone visible in her top pocket, its camera flash on. When colleagues mentioned the camera, the nurse shut off the flash, but the camera was still rolling. Although cleared internally by her employer, the nurse was arrested in September for unlawful eavesdropping or surveillance; she was released on $44,000 bond. If convicted, she could face jail time, a fine, and loss of her license for committing a felony and knowingly violating HIPAA.
These jarring incidents illustrates the trouble that some healthcare professionals experience when navigating HIPAA and social media. Like most adults, healthcare providers may maintain personal social media accounts. And, of course, they have a right to post their vacation photos on Facebook or Instagram just like anyone else. But providers can quickly run afoul of HIPAA regulations if they discuss patient care, vent about difficult clients, record patients without their knowledge for any reason, or interact on a personal level with a patient on a social media platform.
“Managers and clinicians at all levels need to understand how privacy breaches commonly happen because in understanding what can go wrong, they will be equipped to prevent breaches,” says Diane Evans, publisher of MyHIPAA Guide, a consultancy and subscription service for HIPAA compliance management.
Stated simply, one way that a HIPAA violation can occur is if an individual’s protected health information (PHI) is used or disclosed without their permission.
Evans cites three common types of HIPAA violations that healthcare professionals commit on social media:
These types of gaffes can lead to fines, sanctions, and potentially even the revocation of your license to practice.
Unfortunately, the internet is overflowing with similar stories of HIPAA social media blunders with less-than-ideal results for those involved:
A patient published a social media post in which she expressed her satisfaction regarding a procedure her dermatologist performed for her. After seeing her post, the dermatologist then shared the patients’ unofficial testimonials on his own social media pages and website, but without obtaining her permission first. The patient discovered what he’d done and sued him for violating HIPAA.
Two Ohio medical center employees posted to a Facebook group a picture of the medical record of a woman diagnosed with an STD. The woman sued both employees, the boyfriend of one of the employees, and the hospital.
A Michigan nurse vented on her Facebook account about her on-the-job encounter with a man who allegedly killed a police officer in a shootout and received treatment for his wounds at the hospital where she worked. Though she never mentioned the suspect’s name or his medical condition, nor specifically identified the hospital where he received care, administrators were concerned that the amount of publicity surrounding the incident would make it too easy for people to know which patient she was referring to. Consequently, they fired her.
In December 2022, four Atlanta labor and delivery nurses made the news for posting a TikTok that shared things that annoy them about their patients. Emory Healthcare responded that they have “investigated the situation and taken appropriate actions with the former employees responsible.” While no patient information was revealed in the post, the company said that ”this video does not represent our commitment to patient and family-centered care and falls short of the values and standards we expect from every member of our team to hold and demonstrate.”
As nurses wonder how you can create dynamic social media content and even become social influencers, it’s important to remember that you are representing your workplace. The National Council of State Boards of Nursing lists potential consequences for nurses who misuse social media that include:
Beyond the state licensing board, the U.S. Department of Health and Human Services also investigates HIPAA violations, and the fines can be substantial if you’re found to have disclosed PHI on social media. Depending on the nature and severity of the violation, HIPAA fines can range from $100 to $50,000 per incident.
“[HIPAA] training is required for every employee, outside contractor, or even volunteers who, in providing services, may have potential access to private information,” says Evans.
However, organizations need to promote a culture of vigilance to help avoid issues regarding HIPAA and social media.
The American Medical Association (AMA) offers specific guidelines for doctors regarding their use of social media, but any practitioner or organization can use a similar framework to develop some commonsense policies about how to protect patient confidentiality on social media. Here are a few examples of such guidelines:
To effectively market your organization on social media without violating HIPAA, avoid sharing any information that could be used to identify a patient without his or her consent. Don’t share patient stories or photos unless the individuals have signed consent forms.
To avoid violating HIPAA, use social media channels only for:
While social media is a fun way to keep up with friends and news during the day, as well as a good marketing tool, it also poses plenty of risks at work. You must be careful to avoid the penalties that come with HIPAA violations. And, if you work on a team, you should train your staff on best practices for using social media responsibly.
Image courtesy of iStock.com/Khosrork
Last updated on Jul 24, 2024.
Originally published on Feb 21, 2020.
More:
The views expressed in this article are those of the author and do not necessarily reflect those of Berxi™ or Berkshire Hathaway Specialty Insurance Company. This article (subject to change without notice) is for informational purposes only, and does not constitute professional advice. Click here to read our full disclaimer
The product descriptions provided here are only brief summaries and may be changed without notice. The full coverage terms and details, including limitations and exclusions, are contained in the insurance policy. If you have questions about coverage available under our plans, please review the policy or contact us at 833-242-3794 or support@berxi.com. “20% savings” is based on industry pricing averages.
Berxi™ is a part of Berkshire Hathaway Specialty Insurance (BHSI). Insurance products are distributed through Berkshire Hathaway Global Insurance Services, California License # 0K09397. BHSI is part of Berkshire Hathaway’s National Indemnity group of insurance companies, consisting of National Indemnity and its affiliates, which hold financial strength ratings of A++ from AM Best and AA+ from Standard & Poor’s. The rating scales can be found at www.ambest.com and www.standardandpoors.com, respectively.
No warranty, guarantee, or representation, either expressed or implied, is made as to the correctness, accuracy, completeness, adequacy, or sufficiency of any representation or information. Any opinions expressed herein are subject to change without notice.
The information on this web site is not intended or implied to be a substitute for professional medical advice, diagnosis or treatment, and does not purport to establish a standard of care under any circumstances. All content, including text, graphics, images and information, contained on or available through this web site is for general information purposes only based upon the information available at the time of presentation, and does not constitute medical, legal, regulatory, compliance, financial, professional, or any other advice.
BHSI makes no representation and assumes no responsibility or liability for the accuracy of information contained on or available through this web site, and such information is subject to change without notice. You are encouraged to consider and confirm any information obtained from or through this web site with other sources, and review all information regarding any medical condition or treatment with your physician or medical care provider. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING THAT YOU HAVE READ ON OR ACCESSED THROUGH THIS WEB SITE.
BHSI is not a medical organization, and does not recommend, endorse or make any representation about the efficacy, appropriateness or suitability of any specific tests, products, procedures, treatments, services, opinions, health care providers or other information contained on or available through this web site. BHSI IS NOT RESPONSIBLE FOR, AND EXPRESSLY DISCLAIMS ALL LIABILITY FOR, ANY ADVICE, COURSE OF TREATMENT, DIAGNOSIS OR ANY OTHER SERVICES OR PRODUCTS THAT YOU OBTAIN AFTER REVIEWING THIS WEB SITE.
Click to collapse disclamerWant Berxi articles delivered straight to your inbox? Sign up for our monthly newsletter below!
"*" indicates required fields