To understand how not to violate HIPAA, we must first understand what HIPAA is. The Health Insurance Portability and Accountability Act of 1996, commonly referred to by the acronym HIPAA, is an act of law that protects health insurance coverage of recently terminated employees, standards for electronic medical transactions, standards required for group health insurance, and several other items primarily regarding health insurance. For healthcare personnel, an extremely important section of this act is the Standards for Privacy of Individually Identifiable Health Information, which is often known by simply the “Privacy Rule.” This rule created a national standard of confidentiality and protection of medical information of individuals. (HIPAA for Professionals, 2017). The Privacy Rule protects all healthcare related information that could be used to identify an individual. This information includes the individual’s health condition, past, present, or future, any provision of care the individual receives, and any payment, past, present, or future, that the individual makes to a health care organization. This rule also includes date of birth, social security numbers, name, or home address (HIPAA Privacy Rule, 2015).
Even with only a brief overview of HIPAA and the legality surrounding the act, it is evident that the law is very comprehensive when it comes to what could be considered a violation of patient privacy. As such, health professionals must be very cautious not to accidently allow for the identification of a patient. In the modern day of rampant social media use, the risk of violating HIPAA is at an all-time high.
Common social media HIPAA violations are accidental but are still serious issues and must be avoided. These violations can include but are not limited to gossip, the sharing of photographs of a patient, posts that are thought of as private that could reveal patient identities or relationships, and any photographs or messages that could have patient files in them (Posting with Caution, 2018). These may seem like issues that only someone careless would make, but when put into real-life scenarios, it becomes easy to see how a quick lapse in judgement could cost a healthcare professional their job.
The first violation was about gossip. Imagine if a nurse had a patient that was very stubborn, refused to take their medication, and then routinely came into the facility complaining about how their health isn’t improving. The nurse then logs onto Facebook and sees a captioned picture from a “Nursing Meme” page that expresses frustration related to difficult patients. The nurse tags one of his coworkers and writes, “This is exactly like the guy in 314.” While it might not seem like an issue, as “314” does not immediately identify a patient, talking about a patient by their room number, or even a nickname, is a breach of confidentiality and a violation of HIPAA (White Paper, 2011). Derogatory speech should be always avoided by the nurse, especially when it is regarding a patient.
The second situation of sharing patient photographs often has less of a malicious intent yet is still a violation of HIPAA. In this scenario, a nurse is going about her normal day when they find out that one of their friends is their patient. She then takes a picture of her friend on the app Snapchat and writes, “Look who is my patient today!” While the friend might not have an issue with the photograph being taken, they are still protected by HIPAA and thus the photograph is considered to be protected health information that requires written consent to be distributed (HIPAA Restricts, 2018). This violation could be avoided by asking for consent before taking the photograph, but since personal cell phones should not be used in the workplace, the photograph should not have been taken in the first place.
Many people believe that if their social media account is set to “Private,” only a select few people can see the photo. This is not the case, as employees of the company have access to the photo, and it can be visible to them even if deleted (White Paper, 2011). While it is unlikely that someone from Facebook is going to see a random picture or post about a patient and call the Department of Health and Human Services, it is more likely that a follower of the account would see the post and screenshot it, and thus be able to distribute the post as they like. Suddenly, it goes from a select few people who can see the post to practically anyone. This scenario is avoided by not sharing pictures or making comments about a patient that could reveal who they are, even if there were only a few people intended to hear about it.
The last situation is about sending a photo or message that could reveal patient files. Snapchat, a popular social media app, allows users to send pictures, usually in the form of “selfies,” back and forth to each other. A nurse on break could take a “snap” of his or herself to send to a friend and unknowingly capture patient data from a computer, a chart, or even a bulletin board. While the nurse’s intent was to send a harmless photo, they have now breached the Privacy Rule by distributing patient information. As with a previous scenario, the situation could be avoided by not using a personal cell phone in the workplace, especially when pictures are involved.
In short, there are many ways to violate HIPAA without even realizing it. Talking about patients on social media should be avoided, as well as any pictures taken in a health care setting or facility. Personal phones should be kept tucked away during work hours, and in the event of a legitimate use of the phone, extreme caution should be kept. Social media can certainly be used by nurses, but there must be a standard of both competency and discretion.
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers. You can order our professional work here.