The Role of HIPAA in Your Social Media Guidelines

Transcription

1 The Role of HIPAA in Your Social Media Guidelines Jennifer Maggiore ceo, red balloon inc I m not an attorney All data and information provided in this document is for informational purposes only. and Jennifer Maggiore make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its use. All information is provided on an as-is basis and does not constitute legal advice. Please seek the advice of your organization's legal counsel when making decisions about your organization's guidelines, policies, training, hiring and terminating when it comes to legality and social media. 1

2 introduction 1935: NLRA passed into law 1996: HIPAA passed into law 1997: 1 million websites online 2014: Kathryn Knott social media timeline million websites, AOL IM Myspace and Linkedin Launch billion websites, Youtube launches % of world s 7 billion people have access to the Internet almost 75% of Internet users engage in some form of social media Facebook has over 1 billion users, roughly the population of China Google launches Facebook launches at Harvard Twitter launches, 25 billion websites, Google has 4 million searches per day

3 40% of consumers said that information found through social media channels affects the way they deal with their health. ~Mediabistro the issue year olds are twice as likely to use social media for health related conversations than year olds Only 31% of health care organizations have documented social media guidelines More than 70% More than 25% of adult internet users in the US have a Facebook account of adult internet users in the US have a Twitter account why now DC Interactive found in a poll that 60% of physicians say social media improves the quality of care delivered to patients 3

4 why now According to the Institute for Health, only 31% of healthcare organizations have social media guidelines MedTechMedia found that 1/3 of all healthcare professionals are using social media for networking 2/3 of doctors use some form of social media for professional purposes HIPAA Refresher Health Insurance Portability Accountability Act Passed into law in provisions: Portability Provisions Tax Provisions Administrative Simplification Provisions 4

5 CASE STUDY Cheryl James, RN The Story 2010 Registered Nurse at Oakwood Hospital in Michigan who treated police officer and his shooter posted about the shooter, wished, he d rot in hell on her Facebook page Lesson Employees may believe posting about patients is permissible: 1. On their own devices 2. On their off time 3. On their personal profiles CASE STUDY Kathryn Knott, ER Tech The Story 2014 Kathryn Knott arrested for assault HIPAA violating posts discovered on twitter Lesson Case currently ongoing Never assume employees will use the same good judgment that you would 5

6 CASE STUDY Nursing Home Abuse via Social Media The Story State Survey Agency Directors to survey nursing home policies and procedures related to prohibiting nursing home staff from taking or using photographs or recordings in any manner that would demean or humiliate a resident(s), including posting on social media. Lesson Posting photographs or videos of residents without proper written authorization can result in a HIPAA violation and trigger HIPAA breach analysis and reporting requirements. training employees and leadership separate training for employees on avoiding HIPAA violations include training on codes of conduct training for leadership on social media, HIPAA violations and NLRA violations give leadership the tools they need must by credible and knowledgeable can / can't or will / won't creating a culture of compliance - culture is made up of what we reward 6

7 common myths Violations are not excused when using personal devices / on personal time/when posted to personal profiles It is never ok to divulge any piece of information about any client (all data may be consider PHI) Verbal consent from patients is not valid Never assume that one unprofessional or violating post will "get by" My post will "disappear" (think Snapchat) There is no such thing as anonymity online discovering a violation Usually reported by co-workers May involve manager it is reported to or HR Document what directors, managers, supervisors and HR should do in case of report 7

8 social media guidelines highlights Suggest employees post disclaimers; protects them and organization (cannot be required) Human Resources should use special care in situations involving social media Every healthcare organization should have a set of social media guidelines in place, both for marketing staff who use social media as part of their daily duties on behalf of the organization, and for the general personal use by employees Human resources, compliance officers, legal departments, executives, managers and directors should receive specialized training to understand what they can and cannot ask of employees new for 2016 Periscope live streaming Protecting employee privacy from patients use of social media Shift in attitude about due diligence 8

9 Thank you Jennifer Maggiore ceo, red balloon inc (480) The Healthcare Executive s Guide to Social Media Understanding the Role of HIPAA and NLRA in Social Media Jennifer to receive your guide as well as scheduling your 15 minute consultation. 9