It comes as no surprise that statistics are being touted regarding the use of social media and networking sites. It certainly is changing the way we communicate and stay connected as well as having a large impact on the workplace and hiring processes. It has been reported that as many as 70-80% of all workers have a Facebook account and about two-thirds of those people access their accounts while at work. This doesn’t account for other media sources such as texting or twitter. Not only are employers having difficulty determining how this affects employee productivity, it can also lead to serious legal implications for employers, employees, and the companies they work for. Many employers now incorporate policies that can lead to immediate dismissal of the employee if social media networks are used on the job or if the company is in anyway identified on a person’s social network. The risk of use by employees can create many legal risks for the company. But what does that have to do with HIPAA laws?
Any company that handles, stores, or processes any type of medical information can come under scrutiny of the Health Insurance Portability and Accountability Act, otherwise known as HIPAA. To review HIPAA rules visit the U.S. Health and Human Services Department website. Violations of the HIPAA act can lead to disciplinary action, termination, being subjected to a $250,000 fine and even prison. In addition, any infraction may cause the governing board of your profession to investigate your actions and subject you to discipline. Has this stopped people from crossing their personal and professional lives on social networking sites? Evidently not! Specific violation examples that resulted in serious action as sited in “HIPAA and Social Networking Sites: A Legal Minefield for Employers” What you say on the elevator, to a co-worker, in a text, tweet or on Facebook can be interpreted as a HIPAA violation that you never intended. So, how do you protect yourself?
If you are an employer, you should ensure that all policy and procedures address use of social networking sites and any other internet activity in the workplace, distribute those policies and have employees sign acknowledgements they received and read the policies. Share specific examples with your employees of the kinds of statements that could be interpreted as violations. This is the best and most effective way to safeguard your liability. As employees, never talk about your clients. Avoid discussing cases that you work or see. Keep your professional life and personal lives separate. Don’t befriend clients or involve families.

Before accessing patient information, ask yourself the following:

  • Is the information I am about to access necessary for me to complete my job?
  • Am I accessing only the minimum necessary to complete my job, no more and no less?
  • Am I accessing, disclosing or using this information for treatment, payment, or healthcare operations reasons?
  • If I am accessing, using or disclosing this information, should I have a signed authorization from the patient?

In addition, place the following into practice:

  • Discuss a patient or client in public areas such as elevators, hallways or cafeterias or outside the facility or office
  • Share your computer username, ID or password
  • Look at information about a patient or client unless you need it to do your job
  • Take information about a patient or client home
  • Discuss patient information around visitors, without the explicit documented authorization from the patient
  • Post any patient related information in church bulletins, Facebook, MySpace, or other social networking websites
  • Bring friends or family into the office, facility, or agency where they could see or hear patients receiving care or have access to personal health information.