Tuesday, September 15, 2015

HIPAA Violations and Social Networking

Social Networking Is Putting Your Practice at Risk

Many healthcare organizations are using social networks (Facebook, Twitter, Instagram, etc.) as a means of connected with their client base, or as a means of advertising their services. Whether your practice is using these social networks or not, you
can reasonably assume that your employees are using these sites to expand their own personal social network. This can present a huge problem! 

Employees who frequently use these sites as a way of sharing the events of their personal lives are very likely to discuss work on-line as well. Social network sites create a huge risk for HIPAA violations, and also for employee relation problems.

HIPAA violations occurring on these popular social media sites demand employers establish guidelines for social network use. Because healthcare workers normally access them on personal time away from work, employers should discuss the importance of these guidelines.

Employers should generally prohibit employees from including any information about patients on their social network pages, even if patients have given them permission to do so. It is also recommended that you prohibit your employees from linking to a patient’s social network page. We encourage you to prohibit your employees from accessing these social networking pages while at work using your office computer.

Individuals are free to disclose any information they choose on their social network pages, including their own personal PHI. However, you should be sensitive about your employees linking to these pages at work because of the appearance of impropriety and the distinct possibility of a HIPAA violation. Employers cannot control their employee’s lives and social media activity, EXCEPT as it relates to work.