PHI of 15,000 Shared on Social Media

PHI of 15,000 Shared on Social Media

social media PHIIt's not surprising the popularity of social media continues to rise. Social media provides us with a convenient way to communicate electronically, to share information, ideas, personal thoughts, and other content. The Pew Research center estimates approximately 76% of Americans who use the internet regularly use at least one social networking site. 10 years ago, only 7% of the U.S. population used one or more social networking sites.

Because of the convenience and the increased popularity of social media usage, we need to proactively be thinking about what information is being shared, who will see the information, and when the information may be shared.

Just last year, the New Hampshire Department of Health and Human Services (DHHS) announced that personal information form DHHS internal files had been posted to a social media site. The breached files contain protected health information (PHI) and personal information for as many as 15,000 DHSS clients.

According to the New Hampshire DHHS press release:

  • In October 2015, PHI was accessed by an individual who was a patient at New Hampshire Hospital at the time, using a computer that was available for use by patients in the library of the hospital.
  • A staff member observed the individual access non-confidential DHSS information on a personal computer in the library.
  • The staff member reported the incident to a supervisor who attempted to restrict access to the library computers. However, the incident was not reported to management at the hospital or to DHHS.
  • On August 2016, a security official from the hospital informed DHHS that the same individual may have posted some DHHS information on social media.
  • On November 4, 2016 DHSS was informed by the hospital security department that the same individual that day had posted confidential, personal information to a social media site.

The press release goes on to say this was an isolated incident that stemmed from unauthorized access in October 2015 and "not the result of an external attack." If you need help training your organization on social media and HIPAA, read our article about the "Do's and Don'ts of Social Media."

While the popularity of social media usage continues to grow, so does the threat of confidential and personal information being shared. This is one of the reasons why Healthcare Compliance Pros is publishing our social media series. In our next article, we will reference this incident as we provide 5 tips for ensuring PHI does not impermissibly be shared on social media.

Ifyou have any questions, please feel free to reach us by phone toll-free at 855-427-0427 or send us an email at[email protected].