In 2011, a warning was given to a nurse for commenting on a blog post. It was a small-town newspaper site, and she used a nickname for the patient and the comment was a positive one. She never mentioned medical conditions or the name of the person. However, since it was a small town, other identifying factors made it clear who the nurse was mentioning. This violated the 18 personal identifiers listed by the Health Insurance Portability and Accountability Act (HIPAA) that must remain private. Just that easily, a well respected healthcare professional committed a HIPAA violation.
This is one of many examples of violations made online almost daily. In today’s world of sharing just about every aspect of our lives on social media, even the most innocent act can result in a HIPAA violation. It doesn’t matter if it’s shared in a positive spirit; there are civil and criminal penalties for employers and employees who divulge patient details without thinking.
So how do you protect yourself, your staff and your organization? Compliance officers know that new hires must undergo HIPAA compliance training. But are you offering refresher training for long-term personnel? And even better yet, training should be documented and it should be interactive (facilitate a dialogue and explain the material, discuss examples and consequences, don’t just hand written policies to new hires and ask them to read it).
A few important tips for training healthcare professionals to avoid HIPAA violations:
+ Keep personal and practice accounts separate.
+ Do not “friend” patients and clients.
+ Make sure everyone understands the 18 HIPAA personal identifiers, all which must stay private.
+ You do not have the right to take a photo of a patient on your phone, even under the happiest of circumstances. Just assume you cannot take any photos at all, with any camera, ever.
We all love to share our lives and what we are doing on social media (I know I do!), but in the medical field it is important to be discriminating, otherwise you could be facing civil and criminal penalties with just one click. A good rule of thumb is to never talk about any individual patient. Have questions about social media marketing or avoiding HIPAA violations? Contact me anytime at Jennifer@redballooninc.com.