Common HIPAA Violations and the Role of Social Media

[fomayof928@mowline]

Looking for more resources? We’ve put together HIPAA compliance in our social cheat sheet to help you stay compliant while executing an effective and creative social strategy.

While social compliance with HIPAA is complex, the france b2b leads stakes for money, reputation, and most importantly, patient well-being are too great to allow for error. Here are the most common HIPAA violations you should avoid.

Visuals with white backgrounds and titles: Common HIPAA violations on social media. The following violations are listed in the dark and royal blue bubbles: 1) hiding patient details in plain sight, 2) verifying health information, and 3) limiting training to corporate channels and paid personnel.
Hide patient details in plain sight
Even if you don't explicitly include faces, names, dates, or other obvious identifiers, some situational details may reveal personal information about the patient. Both Florence and Van Allen recommend double-checking photos and videos before posting them. Make sure there is no protected information in your media background.

"Something as seemingly innocuous as a photo of an employee break room could be a violation. Someone could zoom in on a patient's chart on the desk and be able to identify their name or other PHI," Van Allen warned.

Verify health information
"Many patients send messages to healthcare brands thinking their information will reach their doctors, which means they are incorporating sensitive PHI into their outreach," Florence said. As we mentioned in the previous section , it is critical to delete any PHI, even if the patient actively provided the PHI.

But a key nuance that many organizations overlook is that you should also avoid verifying PHI. For example, if a patient comments on your post and discloses that they have a disease, you should not acknowledge that disease in your reply. This may be a HIPAA violation. Here are some example scenarios: