How to Keep Social Media Fun and Stay HIPAA-Compliant
by Anja Grimes
The amount of time people spend on social media is constantly increasing. On average, a person spends more than two hours a day on Facebook, Instagram, Twitter, and many other social media sites. Our world has become more social, and we value being in touch with friends near and far at the tap of a finger.
Chances are you and your colleagues have an account on at least one social media platform. If used appropriately, social media helps us stay connected, share experiences and important information with our followers, and explore new interests. But we each have our own personal preferences around sharing. Some like to journal their day for all to see, while others may be more private and selective in their posts.
In our professional lives, we often come across well-intentioned posts that have unintended consequences. Consider the recent post by ER nurse Katherine Smith Lockler that went viral. Her intention was to educate people about staying out of the ER if they have minor flu symptoms and to encourage handwashing, but that’s not how it turned out.
With over 9 million views, nurse Lockler became an Internet sensation, albeit with mixed reviews. Some nurses applauded her for her honesty and good intentions, while others felt her post had an unprofessional tone and may even have violated HIPAA privacy regulations. If such allegations are found to be true, nurse Lockler could face disciplinary action by the board of nursing, including a reprimand or sanction, assessment of a monetary fine, or temporary or permanent loss of her nursing license.
This example, along with many others, leads to the questions: "What is okay to post?" and "How can I share important information without violating anybody’s rights?" Sometimes, it is a very thin line between what’s okay and what’s not. So, when in doubt, do not post!
A Quick Overview of HIPAA
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. Passed in 1996, HIPAA is a federal law that sets a national standard to protect medical records and other personal health information. The rule defines "protected health information" as health information that:
- Identifies an individual and
- Is maintained or exchanged electronically or in hard copy
Information with any components that could be used to identify a person is protected. The protection stays with the information as long as the information is in the hands of a covered entity or business associate. HIPAA protections apply to individually identifiable information in any form, electronic or nonelectronic. The paper progeny of electronic information is also covered (i.e., the information does not lose its protections simply because it is printed out of a computer), as are oral communications.
Sometimes, it is a very thin line between what’s okay and what’s not.
So, when in doubt, do not post!
Be Social, and Respect HIPAA!
Infringing on a patient’s privacy on social media can be extremely easy, even if we don’t intend to do so. Improper use of social media by nurses and other healthcare professionals may violate state and federal laws—such as HIPAA—established to protect patient privacy and confidentiality. Such violations may result in both civil and criminal penalties, including fines and possible jail time.
Here are our Do’s and Don’t’s in regard to posting on social media:
- Know your workplace/facility social media policy
We can’t stress this enough. Your workplace will have policies to ensure compliance with HIPAA. There may be additional restrictions on social media usage and posting for all employees. Make sure you know your workplace’s rules and follow them strictly.
In one real-life example, several nurses who work together in a hospital emergency department were fired for discussing patients on a social media site. Even though they did not post any identifying information, they still violated the hospital's policies.
- Get patient permission in writing.
Maybe you think that posting something about a patient’s situation or outcome may benefit a broader audience. What better way could there be than to educate your network by sharing that valuable experience on social media? Before you do so, be sure to get the patient’s permission in writing in order to prevent any consequences due to violating the patient’s rights. (And don’t forget to confirm that such a posting complies with your facility’s policies.)
- Use a designated social media manager.
If you are posting on behalf of your workplace, make sure you follow all your employer’s rules and policies. It’s also best to know whether your workplace has a designated social media manager whose job it is to make posts on behalf of the facility.
- Don’t post patient information or case details.
Although this seems obvious, we sometimes don’t realize that patients may be identified accidentally in social media posts that include information about their cases, even if their names are not posted. Such a breach of confidentiality can lead to serious consequences, including termination for nurses and other healthcare professionals.
In another real-life example, a nurse who treated an accused killer posted on Facebook that she had come face-to-face with evil and hoped that the alleged “cop-killer” would rot in hell. Although the nurse had not stated any specific details about the patient, the circumstances of the patient's injury and concurrent media coverage made him easily identifiable. A few days later, the nurse was fired for her unprofessional behavior.
- Don’t believe a post is ever truly private or can be fully deleted.
Once you post anything online, it will live forever! Even if you delete a post, it may have already been shared, saved, copied, downloaded, etc. There are endless possibilities of what happens once any content is posted publicly. Maybe a screenshot will be forwarded directly to your boss by one of your “friends”!
- Don’t give blanket medical advice.
While it is okay to post, for example, about the importance of handwashing, stay away from any blanket medical advice, including medication use, dosages, etc. Instead, refer your readers to a reputable source that provides evidence-based information about your topic, or recommend people make an appointment with their own primary care provider. Remember, addressing healthcare questions on social media may violate HIPAA rules.
Consider these Do’s and Don’t’s before posting on any social media platform. Maintaining one’s professionalism and respecting everyone’s privacy is critical for all nurses and other healthcare practitioners. And when in doubt about your posting, remember the adage “Better safe than sorry!”
Let’s all keep the realm of social media fun—and HIPAA-compliant—for all!
About Wild Iris Medical Education:
Wild Iris Medical Education, Inc., is a privately held, woman-owned company providing online healthcare continuing education since 1998. We offer online ANCC-accredited nursing continuing education courses, including CEUs for occupational therapists, physical therapists, paramedics, EMTs, and other healthcare professionals.
Join Us and Become One of Our Million+ Satisfied Customers Today!
High-quality, accredited, evidenced-based continuing education courses in an easy-to-use format designed for learning, from Wild Iris Medical Education. We've been providing online CE since 1998.