Warning Against PHI Disclosure on Social Media

Social Media

Using social media such as Facebook and Twitter can help healthcare organizations in several ways. It helps them to interact with patients and be more involved in their healthcare. It is a user-friendly tool for communicating important messages and information about new services. New patients can be easily attracted via social media channels. However, there should be restrictions in social media use to ensure that HIPAA rules and patient privacy are not violated. How should healthcare organizations and their employees use social media and remain compliant with HIPAA privacy rules?

Though there are no particular HIPAA social media rules, there are HIPAA laws that apply to using social media in healthcare. The most important rule to remember is “Do not disclose protected health information (PHI) on social media networks.” The HIPAA Privacy Rule prohibits using PHI including text, images or videos about patients that could result in identifying them on social media. The only allowed use of PHI in social media is when the patient has given a written consent to use it for a specific purpose. Health tips, medical events, new research information, marketing messages and bios of staff may be posted on social media without any PHI.

Healthcare employees must be specifically HIPAA trained on the use of social media. Otherwise, it is very likely that HIPAA violations will happen. It must be provided as soon as an employee is hired. There should also be refresher training programs provided regularly to remind employees their responsibility regarding HIPAA social media rules.

ProPublica published a study in 2015 that investigated the nurses and healthcare home workers involved in HIPAA social media violations. Photos and videos of patients being abused or in compromising positions were shared in public social media, some in private groups. ProPublica found 47 HIPAA violations on social media since 2012 and many others were not reported.

Most of the HIPAA social media violations resulted in taking action against the guilty employees. Some were terminated for patient privacy violations, while others faced criminal charges. One nursing assistant was terminated from work and was jailed for 30 days for sharing a video of a patient in underwear on Snapchat. Healthcare organizations may also be severely punished for violating HIPAA rules. Hence, they must develop a HIPAA social media policy for their organization and strictly implement it.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/