MPA banner 2
Compliance Update
September 12, 2012
     ... from MPA, your trusted compliance strategist   

  

HIPAA & social media: Do you trust your employees? 

It's no secret that the HIPAA hammer is here to stay. The HITECH Act of 2009 increased HIPAA penalties, and the Federal government has been doling them out liberally. As the use of social media expands, health care providers and their employees need to consider the consequences of posting information that could identify a patient. These consequences include penalties under HIPAA, privacy laws and even criminal laws...and making the headlines.

The line between public and private is thin

Social media gaffs run the gamut from malicious to ignorant. The following examples from news headlines reveal why providers should care what their employees are doing with their work computers, home computers and smart phones:

  • A temporary staffer working at Providence Holy Cross Medical Center in Mission Hills, CA posted a photo of a medical record listing on Facebook and commented (rudely) on the patient's condition. The staffer believed this was appropriate because "It's just Facebook" and "I'll post what I want...."
  • The NJ Attorney General's Medicaid Fraud Control Unit charged two SNF CNAs with invasion of privacy and conspiracy for posting a (humiliating) photo of a resident on Facebook.
  • A New York City EMT posted a photo of a murder victim on his Facebook page.
  • A paramedic posted information on his MySpace page about a rape victim he transported to the hospital. Although he didn't use the patient's name, he used enough detail for the media to locate the victim. The victim sued the EMT and his employer.

MPA TIPS for educating employees:

  • Explain that omitting a patient's name does not guarantee that the patient cannot be identified.
  • Remind employees that information sent over social media is often unencrypted-and unsecured. Plus, Facebook and other privacy policies give the social media site the right to use all information posted for their own purposes.
  • Enforce a social media policy that applies to Facebook, Twitter, YouTube, blogs, etc.--both on and off duty.
  • Illustrate how seemingly innocent postings can violate the law.
  • Use your newsletter to advance employees' understanding of privacy issues.

 

MPA can help

 

Management Performance Associates can help you implement compliance policies and procedures. To learn more about how your compliance program can help you avoid penalties, please visit our website: http://www.healthcareperformance.com, or give us a call at 314-434-4227 ext. 16. 

signature 2    

                           Margaret Scavotto,  

            General Counsel & Compliance Manager

  

 

 

  

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 
Margaret

MPA works with healthcare providers who want to ensure they meet the strict and ever-changing Federal criteria for compliance programs.

 

 Subscribe to our Compliance
 Updates

About MPA

Shared Compliance Program

Shared Financial Reporting

Turnaround and Continuing Management

Certificate of Need

Market Assessment and Demand Analysis


MPA is uniquely qualified to manage every stage of compliance program development, implementation, and ongoing management.
 

Follow us on Twitter

View our profile on LinkedIn


 

 

 

 

 
 

 

MPA provides this material for general informational purposes only. Qualified, experienced MPA professionals write the contents of MPA materials. We urge you to carefully consider all of the facts and circumstances of your situation before applying specific information in our email communications. MPA is not a law firm and does not provide legal advice, and nothing herein is intended to be legal advice. Receipt of this email does not create an attorney-client relationship.