If a patient disclosed private information, would you tweet about it? Probably not. But posting a selfie at work is harmless, right?
Unfortunately, HIPAA violations on social media aren’t uncommon. And violators may not even know they’re posting something inappropriate. But a careless post could be costly, ranging from $100–$50,000 per incident.5 tips to avoid HIPAA violations Click To Tweet
For this reason, healthcare instructors must teach their students to stay HIPAA compliant —especially on social media.
Social media platforms such as Facebook, Twitter, Reddit, and Snapchat provide an easy way to communicate. But students need to remember their professional obligations when connecting with others and posting online. Even a small violation could be devastating to a health professional’s career.
The website Clinical Advisor shared an RN’s story violating HIPAA laws. The nurse was fired after posting about a toddler with measles in a private Facebook group. While the patient’s name wasn’t shared in the post, the nurse’s place of employment was listed on her profile. The patient was identified and the nurse was fired for a HIPAA violation.
Because students are held to the same standard as licensed professionals, they must be aware of relevant privacy laws and standards on social media. After all, you wouldn’t want one of your student’s careers to end before it even started. To help your program avoid disaster, HIPAA Journal created a list of common social media HIPAA violations:
Now that you know what HIPAA violations on social media look like, how can they be avoided? Here are 5 guidelines to teach your students:
Apply the same HIPAA guidelines learned in the classroom to social media. If you wouldn’t say it in public, don’t post it on social media.
HIPAA violations can occur even if a name isn’t disclosed. Leave out any biographical information and identifying details when posting.
A patient or their files in the background of a selfie could lead to serious trouble. Do a thorough scan of an image’s background before uploading it.
While you’re bound to work with a frustrating patient from time to time, posting about it can lead to serious consequences. Find an outlet other than social media to voice your frustrations.
Facebook messages aren’t encrypted. Once again, if you wouldn’t say it in public, don’t send a private message. If you need to send a message with patient information, use a system that includes a patient portal.
Remember that the second something is posted, it will always be discoverable on a server. Even the delete button can’t “take back” a post, comment, or photo.No selfie or venting tweet is worth $50,000 Click To Tweet
While HIPAA violations can (literally) be costly, they can also be avoided. Get your students into a new habit when they post on social media. Train them to make sure a post is compliant before uploading a selfie at work or ranting about a patient. Even if they’re just sending it to a friend or posting in a private group, a quick scan to make sure HIPAA laws aren’t being violated should become second nature. Because let’s be honest, no selfie or venting tweet is worth $50,000.
If you’d like more ideas for teaching HIPPA rules, check out Teaching HIPAA Rules: 3 Keys to Success