HIPAA Myths and Their Impact on Social Media Violations



HIPAA is not only about healthcare; it is a federal law that regulates patient privacy and information security. If you work in the healthcare sector and have access to patients' private health information, you should have a complete understanding of HIPAA requirements.


Every year, HIPAA violations cost individuals and business owners billions of dollars in fines and remediation efforts. HIPAA violations are often the result of mishandled files, but sometimes they involve employees making wrong decisions when using social networks, so proper social media training on the appropriate use of technology in the workplace is essential.


What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects insurance coverage for employees when they change or lose their jobs and establishes privacy and security standards for health information. HIPAA involves four rules:


Privacy Rule: Protects the privacy of individually identifiable health information, referred to as protected health information (PHI).

Security Rule: Sets national standards for the security of electronic protected health information.

Breach Notification Rule: Requires covered entities and business associates to provide notification following a breach of unsecured protected health information.

Patient Safety Rule: Protects identifiable information being used to investigate patient safety events.


Reasons Behind HIPAA Violation

HIPAA defines specific types of protected health information and prohibits any unauthorized disclosure of patient information by any healthcare employee. Although it sounds simple, the devil is in the details: PHI includes not only the patient's name and address but also a wide range of other details, such as the patient's record number, vehicle license plate number, date of service, and so on. It is important for every healthcare professional to understand the reasons for and causes of HIPAA violations and what should be done to avoid such unintentional unauthorized disclosures.


HIPAA and Social Media Violations

HIPAA violations on social media breach both the Privacy and Security Rules. Because of the perceived security of social networks and a lack of understanding of HIPAA guidelines, employees may be unaware that their behavior violates HIPAA. Several myths surrounding HIPAA can be dispelled with a good social media policy and proper employee training. Below are some examples of HIPAA violations. A quick review of these will illustrate how they could have been prevented:


Myth #1: Discussion about patients without using their names is okay

There was a well-known incident in California where 5 nurses were fired from a medical center for discussing patients on Facebook. Although the hospital did not claim that the posts contained any identifying information, it still chose to fire the employees. A similar incident happened in Michigan, when a nurse was fired for a Facebook update in which she posted about, but did not name, a patient at her hospital who had been charged with murdering a police officer.


In both of the above cases, the hospitals felt that the social media updates were unauthorized disclosures of PHI.


Myth #2: Public figures don’t have the same protections

An employee of UMC resigned from her job due to a privacy-violating tweet. She responded to Governor Haley Barbour's tweet with a remark regarding his private after-hours appointment, and the UMC officials considered this to be a violation of privacy laws. Although the governor is a public figure, his medical history is protected under HIPAA.


Myth #3: Pictures of the workplace are okay as long as they aren’t of patients

Four nursing students were expelled from their program for posting pictures on Facebook that included a human placenta. They were expelled for their lack of professional behavior. Sometimes more can be seen in a picture than the photographer intends.


How to prevent HIPAA violations on social media

The first and foremost step is to develop a thorough HIPAA social media policy. The policy should describe PHI in detail so that all employees understand everything that is covered under HIPAA. Your social media policy should also explain that even when social network accounts are set to “private”, posts on them are still public disclosures.


Having a policy is an important step, but it should be followed by thorough HIPAA training so that employees have the opportunity to ask questions and learn about examples of HIPAA violations. If employees are fully aware of the laws and the consequences, this will greatly reduce the number of violations and protect both the company and its employees.



