HIPAA Violations to Avoid When Posting on Social Media
Starting a social media account for your healthcare brand is essential to gain more exposure. When you share content online, avoiding HIPAA violations is crucial. Let’s first make sure you know what the HIPAA Privacy Rule protects. As defined by hhs.gov, the HIPAA Privacy Rule protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral.
The best way to avoid mistakes is to ensure that only individuals trained on HIPAA policies and best practices have access to and manage your social media accounts. This administrative safeguard will ensure that content posted to social media does not violate the privacy rules covering the 18 Protected Health Information (PHI) identifiers. A simple way to double-check your posts before clicking publish or share is to ask yourself if what you share can reveal a patient’s identity. Some violations are apparent, while others might be easily overlooked. Here are a few types of posts to avoid when using social media for your healthcare practice.
First, What are the 18 HIPAA Identifiers?
Name
Dates (age, birth date, date of visit, discharge date, admission date, etc.)
Telephone numbers
Geographic data
Fax numbers
Social Security numbers
Email addresses
Medical record numbers
Account numbers
Health plan beneficiary numbers
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plates
Web URLs
Device identifiers and serial numbers
Internet protocol addresses
Photographic images
Biometric identifiers (retinal scan, fingerprints, voice prints, etc.)
Any unique identifying number or code
What are some examples of Social Media HIPAA Violations?
Names
Perhaps the most well-known HIPAA violation to avoid on social media is sharing a patient’s name. This applies to the text of your caption and extends to replying to comments your patients might post on your content. Avoid things like “it was great seeing you last week” or other seemingly innocent comments that indicate the person commenting is a patient.
Photos of Doctors and Patients Together
Another reasonably well-known mistake is sharing a photo of a doctor and a patient. Even if the patient knew they were being photographed or posed for the photo, ensure you have permission to post the image publicly on social media.
Background Details
Even when taking a photo of your healthcare staff, be sure no patients are entering or exiting the location, since they might accidentally be seen in part of your photo. Be mindful of exam rooms with open doors, people walking in the background, reception areas, and parking lot images with vehicles.
Computer Monitors
One of the biggest mistakes many healthcare organizations make is posting a photo of a reception or nurse’s area, including computers that might display patient information on the monitor. This violation can easily be overlooked because you might have to zoom in on that part of the photo to see the personal information, but the PHI may still be identifiable.
Don’t Only Blur Faces
Most people know to blur a patient’s face if it is partially visible in a photo, but watch for other personal identifiers like birthmarks or tattoos. Each of these could allow a patient to be identified even with their face blurred or out of the frame.
Paperwork
When capturing your photos, avoid paperwork pinned to bulletin boards, whiteboards, or desks that may be visible in the background of your shot.
Private Groups
HIPAA rules apply to public posts and extend to private messages on social media and private groups. Just because something is supposed to be shared in a “private group” does not mean it will remain confidential. You should never share patient information in private online groups. Keep this in mind when sharing even in non-public forums.
Do you need help maintaining an active social media presence without worrying that someone will accidentally violate HIPAA rules? The experts at MOXY are well-versed and trained in social media best practices and have an in-depth understanding of HIPAA and how it applies to social media content creation and sharing on platforms. We can help you engage with current and future patients on social media today with a HIPAA-compliant strategy!