Overview
This presentation explains how HIPAA regulations apply to social media use and highlights steps to prevent unauthorized disclosure of protected health information (PHI), using real-life breach examples.
HIPAA and Social Media
- HIPAA restricts how covered entities use and disclose an individual's protected health information (PHI).
- Social media platforms pose unique risks for accidental or inappropriate disclosure of PHI.
- Careless social media activity by healthcare workers, even if unintentional, can constitute a HIPAA violation.
Real-Life Examples of PHI Breaches
- Paramedic students took photos of a shark attack victim in the emergency department and shared them via email.
- A medical student videotaped a physician performing a procedure on a patient and posted the video on YouTube.
- A nurse posted on Facebook about meeting a specific NFL player and discussed his medical case (a broken arm) in response to questions.
- Publicly visible social media profiles linked hospital employment to posted patient information, increasing the risk of PHI disclosure.
Implications of HIPAA in These Examples
- Sharing patient images or medical details online, even without names, can lead to HIPAA violations if the patient can be identified.
- Responding to social media inquiries about patient encounters may inadvertently disclose PHI.
- Identifiable employment information combined with shared patient details heightens the risk of breaches.
Steps to Prevent PHI Breaches on Social Media
- Do not share any patient information or images on social media, regardless of perceived anonymity.
- Refrain from responding to social media questions about patient cases.
- Be aware that employment information on your profile can correlate with disclosed PHI.
- Receive proper training on HIPAA compliance and social media conduct.