Let's Talk! 541-604-7014


We Are Here To Help You Grow

Most people are aware of the potential HIPAA violations that can occur when using social media within a healthcare setting. But what many fail to recognize is the potential risk made by employees who utilize social media personally. A study by Nucleus Research found that approximately 77 percent of workers have a Facebook account and almost two-thirds of them visit their accounts during work hours. What they post both on and off the clock can have costly ramifications to your practice.

Employees may not realize the implications that can happen from the posts they make on sites such as Twitter and Facebook. They may not realize that by mentioning a patient – even if the name or any other identifiable information is omitted – can be subject to HIPAA violations. It is all a matter of how the comment can be perceived. To make things even more convoluted, the practice is still at risk even if the patient is fine with the post. Again, it is a matter of perception. Take for example, the case of a Rhode Island doctor who was fired from the hospital where she worked after identifying a patient online – not by name, but by enough details that the medical board felt the patient’s privacy was violated.

Employers are responsible and can be held liable for the conduct of their employees when they are acting within the scope of their employment. Medical practices face additional privacy and security regulations under data-privacy laws. Employees are prohibited from disclosing identifiable health information without written authorization from the patient.

The best way to protect your practice is to develop a clear and widely distributed social media policy. The policy that is developed should extend to the use of social media sites both while working and on personal time.

Social media is here to stay and the majority of your employees are engaging in it. Rather than fighting the inevitable, be proactive. Develop a social media policy that outlines the expectations of each employee with regard to patient health information. Next week’s blog will outline what to include in your social media policy for optimal protection.