Social Media's Role in Privacy Breaches

Educate Your Medical Employees on Social Media HIPAA Violations

Female doctor in medical office
Eva-Katalin/Getty Images

Social media is a growing area of concern for violations of patient privacy (HIPAA). Breaches by individual employees harm patients and place the facility at risk. You may think."Everyone knows what HIPAA is," but apparently some don't, or they simply don't care.

HIPAA Breaches on Social Media

HIPAA breaches by employees can occur in many ways, however, social media seems like the easiest way to get caught.

Even though there are countless incidents of firings, lawsuits, and even criminal and civil charges, employees continue to post information on Facebook, Twitter, and other social media. Employers offer training and education on HIPAA, but employees continue posting what they think are innocent posts.

It is important for all facilities that are considered a covered entity under HIPAA to have a social media policy in place in order to be protected from any negative outcomes. Although it is impossible to stop all privacy breaches committed by employees, employers should take every necessary action to discourage employees from accessing information without authorization or sharing information without authorization. Employers should also include regular HIPAA training and reminders into the culture of their medical facility.

Examples of Social Media HIPAA Violations

Here are a few examples of how employees were caught violating HIPAA by posting patient information to their social media page.

  • A paramedic posted information on a social media site about a sexual assault victim. Although the victim's name was not disclosed, the paramedic detailed enough information in the post that the media was able to discover the identity of the victim and where she lived. The plaintiff filed a lawsuit against the paramedic and the emergency service he worked for due to privacy violations.
  • Two nurses took pictures of a patient's x-rays showing a sex device lodged in his rectum with their cell phones and one of the nurses posted the pictures on a social media site. Both nurses were fired but no charges filed because the nurse took down her social media page and no evidence of a HIPAA violation was found. However, the case was turned over to the FBI for investigation.
  • An emergency medical technician was fired after taking photos with his cell phone of a murder victim and posting them on a social media site. The EMT had to surrender his EMT license and perform 200 hours of community service. The fire station he worked for did not face any charges.
  • A few nurses who work together in a hospital emergency department were fired for discussing patients on a social media site. Even though they did not post any identifying information, they still violated the hospital's HIPAA policy.
  • A temporary employee posted a photo of a medical record with the patient's full name and date of admission to his social media page. Although other posters advised him that it was a HIPAA violation, he chose to keep the post up and even defended his reason for posting it saying "It's just a name..." among other things. The worst part of this story is that the employee was making fun of the patient's condition.
  • A nursing home employee took a photo of a resident's genitals with a cell phone. The employee sent the photo to a friend who posted it on a social media site. The employee was fired and both were charged with invasion of privacy and conspiracy.
  • A nurse was fired after posting on her social media page about an alleged cop-killer she treated even though she did not discuss the details of his condition, his name or any other identifying information. This one detail was enough to identify the individual.

Continue Reading