Social media and staying HIPAA compliant. What you need to know.
Social media can be a pitfall of security and privacy leaks for health companies
Social media has become a very powerful and valuable tool, whether for personal or business use. Also, nowadays, more often than not, people have the need and desire to use social media on a continual basis throughout the day. Historically, medical professionals have steered clear from social media in fear that they may violate HIPAA guidelines.
As health companies take significant measures to make sure they are in HIPAA compliance, using social media can be one area that many people overlook, which can cause a security breach. When improperly used (or even correctly), social media can be full of security and privacy leaks for health companies, whether it’s because of negligence or inadequate staff training.
Be sure to talk about cases and not patients
Although you might not be exposing a patient’s name when retelling a story or event, it may be possible for others to recognize who is being discussed based on additional information in the conversation. It is crucial to protect a patient’s information and rights, so be cautious even when removing identifying information from the related story.
Stray away from becoming too friendly with patients
It may seem harmless to befriend patients on social media, but doing so can be a violation of HIPAA security. Some patients could post about their medical condition or even share a post relating to their situation and tag you in the post. Also, responding to a post regarding a patient’s health would be a HIPAA violation. The best way to avoid this is by not adding your patients on social media accounts.
Only allow well-trained staff who are knowledgeable of HIPAA compliance to use official company accounts.
It would be best if you had select people who are well-trained in HIPAA guidelines, to use any official company social media pages. The appointed staff should also be able to monitor for any potential violations. If a violation has occurred, they should have appropriate steps to take, such as immediately deleting of posts and consulting with a legal advisor about protecting the patient’s rights.
Beware of checking social media on work computers.
By using personal social media accounts on company devices, you could be putting the practice at risk. Employes who use company computers to check their social media or email are exposing the computers to malware, which can infect company devices. There are numerous virus types which, once residing on a company device, can begin to attack and breach the entire network of company devices.
Make Sure Your Photos are Free of PHI
Before you upload any photos to social media, double-check that there is no visible PHI in the photo. Although PHI in photos is often incidental and typically not intended to be a part of the picture, it often hides in the background. The best way to prevent accidental exposure of PHI in pictures is to eliminate taking pictures in the workplace.
Create an office-wide policy on the proper use of social media. Research done by the Insititute of Health has shown only 31% of healthcare organizations have given employees guidelines on the proper use of social media. It is of vital importance to be as comprehensive as possible. If you have an employee handbook, update it with a section on everything discussed in this article.