Guidelines on the Use of Social Media to Avert HIPAA Violations

ProPublica published research in 2015 that revealed the involvement of healthcare employees in HIPAA social media violations. If the problem is not resolved, there will probably be many more HIPAA violations committed through social media. The following kinds of posts are the typical HIPAA violations committed by way of social media:

  • Posts of photos and videos of patients without written permission
  • Chit-chat concerning patients
  • Any facts that identify patients
  • Posts of pictures taken within a healthcare center that identify patients or disclose PHI
  • Posts of text, pictures or video in a private chat group

The Department of Health and Human Services’ Office for Civil Rights developed a guide that discusses HIPAA social media rules that healthcare providers could observe. These will help ensure that social media is used in compliance with HIPAA rules.

  • Healthcare companies need to create specific social media policies and be sure that personnel know about them and comply.
  • Healthcare companies should implement social media training for employees. A yearly refresher training course is likewise advisable.
  • Employees should understand tangible examples of both acceptable and unacceptable uses of PHI in social media.
  • All people in a company need to understand that violations of HIPAA using social media could lead to termination of employment, criminal charges and revocation of license.
  • Submit all social media websites for approval by your compliance department before using them.
  • Social media policies should be assessed and kept up to date each year.
  • Policies and procedures should detail permitted marketing tactics on social media.
  • Personal and corporate social media accounts ought to be separate.
  • It is advisable to get approval for social media posts from the legal or compliance department before posting.
  • Companies need to keep track of their social media accounts and establish controls that can flag possible HIPAA violations.
  • Maintain a record of social media posts that your company can use for its social media messages.
  • Never participate in any conversation on social media that exposes a patient’s PHI.
  • Encourage personnel to report any issues arising from HIPAA violations on social media.
  • Perform a risk evaluation of your company’s social media accounts.
  • Protect access to your company’s social media accounts to avoid unauthorized posts.
  • Activate comment moderation on the company’s social media accounts.