FindLaw KnowledgeBasePublished: 2012-06-15
Over the years, we have heard numerous stories of employees who have gotten into hot water at work because of what they’ve said on social networking sites. The need to vent about a bad day is natural, but when you do it online, you may find yourself venting about your work problems a lot less for want of a job.
But when you’re in the medical profession, the stakes for bad social networking habits are a lot higher than just losing a job: Those who disclose patient information online can find themselves in violation of patient privacy laws like the Health Insurance Portability and Accountability Act, known as HIPAA. Doing this can result in not only getting disciplined or fired, but being subject to fines of up to $250,000 and even a prison sentence. Another potential negative consequence is an investigation and discipline by the professional’s state board.
But that threat hasn’t stopped some medical professionals from posting confidential patient information online without permission. Some recent examples of social networking HIPAA breeches include:
- A nurse who posted a patient’s picture and chart on his Facebook page because he thought it was “funny” and since it was “only Facebook,” there was no real harm in it
- A doctor who treated a patient over Twitter
- Emergency room personnel who posted pictures on the Internet of a man being treated for fatal knife wounds
- A doctor who asked a patient on a date after seeing her profile on a dating website
- A Rhode Island doctor was fired from the hospital and reprimanded by the Medical Board after she posted on her Facebook page about a long day at work. She never referred to the patient’s name but gave out enough details about the injuries to allow others to guess who it was.
Although these are extreme examples of social networking gone wrong, even seemingly innocuous behaviors like writing about work on a blog or friending a patient on a social networking site can lead to HIPAA violations and related Medical Board complaints of unprofessional conduct.
Avoiding Privacy Violations Online
In order to address the growing problem of HIPAA violations by medical professionals, Novarus Healthcare, LLC — a North Carolina-based company that develops mobile solutions — is creating technology that will monitor social media sites to find HIPPA violations and evaluate the severity of the privacy breeches, which will help a medical facility take appropriate action.
Some medical schools — like Mount Sinai School of Medicine — are also doing their part to help solve the problem by giving future doctors tips on how to conduct themselves professionally online, as well as examples of people in the profession who have made serious mistakes on social networking sites.
Ultimately, however, it’s up to medical professionals to think before they hit the send button. According to Dave Ekrem, the social media manager at MassGeneral Hospital for Children, some ways to avoid HIPAA violations online include not talking about patients, even in general terms; not posting things anonymously, which can encourage bad behavior; and not mixing your personal and professional personas in the same online profile.
If your office is posting medical photographs or video on a website, blog or social media, ensure that the patient consent forms are HIPAA compliant. Failure to do so could result in a HIPAA complaint and a breach of privacy claim.
HIPPA violation accusations should be taken seriously by medical professionals. If you’ve been accused of violating patient confidentiality, speak with an experienced attorney.