HIPAA and Social Networking Conflicts

HIPAA and Social Networking Conflicts

Some healthcare organizations are using social networks (e.g., Facebook, Twitter, and Instagram), some not, but either way it is a good bet your employees are using these sites to connect with and expand their social networks. That can become a huge problem!

Employees who are used to flashing every aspect of their lives online are very likely to discuss work online as well. Social network sites create a huge risk for HIPAA compliance violations, and also for employee problems. HIPAA Compliance is 24/7!

There have recently been HIPAA compliance violations occurring on these popular Internet sites. Retaining control of employee use of social networks is becoming increasingly difficult because healthcare workers access them on personal time away from work.

We encourage you to generally prohibit your employees from including any information about patients on their social network pages, even if patients have given them permission to do so. We also encourage you to prohibit your employees from linking to a patient's social network page where the relationship is strictly professional. We encourage you to prohibit your employees from accessing these social networking pages while at work using your office computer.

Individuals are free to disclose any information they choose on their social network pages, including their PHI. However, you should be sensitive about your employees linking to these pages at work because of the appearance of impropriety and the distinct possibility of a HIPAA compliance violation.

No, you cannot control your employees' lives, EXCEPT as it relates to work.