By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Social media has become an incredibly valuable tool, whether for personal or business use, the need and desire to use social media has increased dramatically since it first stepped on the scene. Historically, medical professionals have steered clear from social media in fear that they may violate HIPAA guidelines.
Today, medical professionals cannot deny the fact that social media is a powerful instrument for engaging with their patients and promoting their practice. Luckily for these individuals, utilizing social media doesn’t have to violate HIPAA guidelines. An article over on Practice Bloom shares some great tips for safe ways medical practices can utilize social media.
1. “Talk About Cases, Not Patients”
Although some medical professionals believe that by removing a patient’s name from a story or scenario it becomes safe to discuss that patient in public or with others, however this is not the case. While not revealing the patient’s name might prevent some individuals from identifying the patient, it is possible that someone would recognize what patient is being discussed just based on additional information in the conversation. It is important to protect patient’s information and rights, so be cautious even when removing identifying information from the equation.
2. “Make Sure Your Photos are Free of PHI”
Before you upload any photos to social media, double check that there is no visible PHI in the photo. Although PHI in photos is often incidental and typically not intended to be a part of the picture, it often hides in the background. For example, two employees take a picture in the hospital where they work. Although the employees meant no harm by posting their photo to social media, they were standing in front of a door with a patient’s name. Now anybody who views the photo can see this individual was a patient in the hospital. The best way to prevent incidental exposure of PHI in photos is to eliminate taking photos in the workplace.
3. “Don’t Make Friends with Your Patients”
Although you may see it as harmless to add your patients on social media, this is actually an easy way to find yourself violating HIPAA. Patients could post about their medical condition or even share a post relating to their condition and tag you in the post. Responding to a post regarding a patient’s health would be a HIPAA violation. The best way to avoid this fate is to simply not add your patients on social media accounts. Some physicians even choose to make profiles under fake names to protect themselves online.
4. “If You Wouldn’t Say it in Public, Don’t Post it”
A great way to protect yourself from a HIPAA violation due to exposing PHI online would be to simply ask yourself, “Would I say this in public?” If the answer to this question is “No”, then the information is also not safe to share on the web. Social media should be treated the same way as discussing PHI in public. If you wouldn’t discuss the information in a restaurant or grocery store, don’t post about it online.
5. “Don’t Share Gossip”
While it may seem obvious, avoiding gossiping about patients, especially on social media is vital. Gossiping about patients is not only unprofessional and a likely way to lose patients, but it is also a violation of HIPAA.
By following these 5 simple tips you can protect yourself and your medical practice from suffering HIPAA fines and penalties due to overexposing information on social media.
This article was originally published on HIPAA Secure Now! and is republished here with permission.