HIPAA Violations on Social Media

In a world where hundreds of millions of tweets, posts, snaps, and stories are posted on social media daily, sharing information about our lives may seem like second nature.

But for those in the healthcare industry, sharing the wrong thing could result in a HIPAA violation. Here are a few examples of how a seemingly innocent social media post can go wrong.

Social Media and HIPAA – The Basics

If you compare HIPAA Rules and Regulations to a building, patients’ protected health information (PHI) would be the foundation. PHI is the focus of the HIPAA Privacy Rule, which demands that access to it be limited. PHI is also the data that the HIPAA Security Rule requires to be encrypted, whether in motion or at rest.

Unless a patient has given express written permission to share their PHI, healthcare employees cannot release any of the following details:

  1. Name
  2. Address (including subdivisions smaller than states, such as a street address, city, county, or zip code)
  3. Any dates (except years) that are directly related to an individual, including birthday, date of admission or discharge, date of death, or the exact age of individuals older than 89
  4. Telephone number
  5. Fax number
  6. Email address
  7. Social Security number
  8. Medical record number
  9. Health plan beneficiary number
  10. Account number
  11. Certificate/license number
  12. Vehicle identifiers, serial numbers, or license plate numbers
  13. Device identifiers or serial numbers
  14. Web URLs
  15. IP address
  16. Biometric identifiers such as fingerprints or voiceprints
  17. Full-face photos
  18. Any other unique identifying numbers, characteristics, or codes 

So if a doctor shares a photo from an accident scene that shows the license plate of the person he rescued, or if a nurse posts about how great it is to see Mrs. Smith recovering from surgery, both would be violations and could result in substantial HIPAA fines.

Make Sure You’re HIPAA Compliant

We provide policies and procedures and employee training to prevent HIPAA violations.