HIPAA Alert: Social Media Guidelines You Need to Know

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 prior to social media. However, there are HIPAA laws and standards that apply to social media – the Privacy Rule and the Security Rule.

Employees may never post information online in a manner that states or reasonably suggests that they are representing Methodist Health System (MHS) without express prior approval from the Marketing Department. Claudia Bohn, communications and public relations director, will help you share stories of providing the best possible care. 

If you decide to post on social media and identify yourself as an MHS employee, according to our social networking policy, you must include the following statement:

The opinions expressed here are the personal opinion of [your name]. Content published here is not read or approved by Methodist Health System before it is posted and does not necessarily represent the views and opinions of Methodist Health System.

Please review the MHS Social Networking Policy.

Social media guidelines

• All employees are expected to conduct themselves in a manner that reflects integrity and shows respect and concern for others, including on social media.
• Never post confidential information, photos of a patient or videos of a patient on the internet, even if it does not include a patient’s name. Inappropriate posts can seriously damage Methodist Health System's reputation.
• Never discuss confidential information in public forums, chat rooms, text messages or news groups.
• Be cautious of identifying yourself as an MHS employee on social media.
• Refrain from friending patients. Employees should keep their personal and professional lives separate. Befriending and interacting with patients online can result in accidental disclosures of protected health information (PHI).
• Do not discuss workplace frustrations with patients or share workplace related frustrations online.
• Do not use MHS logos or trademarks on your personal posts.
• Failure to follow the Social Networking Policy may result in corrective action, up to and including termination of employment.

Examples of HIPAA violations on social media

Elite Dental Practice Pays $10,000 to Settle Social Media Disclosures of Patients’ Protected Health Information

On June 5, 2016, the Office for Civil Rights (OCR) received a complaint from an Elite Dental patient alleging that Elite had responded to a social media review by disclosing the patient’s last name and details of the patient’s health condition. The OCR’s investigation found that Elite had impermissibly disclosed the protected health information (PHI) of multiple patients in response to patient reviews on the Elite Yelp review page. Read more.

Social Media Post Prompts Firing at Texas Children’s Hospital

A nurse posted details of a boy’s condition to an anti-vaccination support group on Facebook. The nurse did not include the boy's name, but her Facebook profile listed where she worked. A Facebook friend had a child at the same hospital. Worried about exposure to the disease, that parent posted screenshots to the hospital’s Facebook page. Read more.

If you see something, say something

When you see content posted by colleagues that appears unprofessional, you have a responsibility to bring it to the attention of:
•    Quality and Safety N.O.T.E (Notation on the Event) – Anonymous reporting
•    Lighthouse – Anonymous reporting 1-877-640-0005 or via MHS/intranet/resources/compliance
•    Privacy officer Anita Patterson
•    The management team
•    Human Resources

Questions?

Contact Privacy Officer Anita Patterson, MS, at (402) 354-6863 or @email.