Educate staff on HIPAA and appropriate social media use in health care
Assume you are a nurse in an acute care, community, school, nursing home, or other health care setting. Before your shift begins, you scroll through Facebook and notice that a coworker has posted a photo of herself and a patient on Facebook. The post states, “I am so happy Jane is feeling better. She is just the best patient I’ve ever had, and I am excited that she is on the road to recovery.”
You have recently completed your annual continuing education requirements at work and realize this is a breach of your organization’s social media policy. Your organization requires employees to immediately report such breaches to the privacy officer to ensure the post is removed immediately and that the nurse responsible receives appropriate corrective action.
You follow appropriate organizational protocols and report the breach to the privacy officer. The privacy officer takes swift action to remove the post. Due to the severity of the breach, the organization terminates the nurse.
Based on this incident’s severity, your organization has established a task force with two main goals:
• Educate staff on HIPAA and appropriate social media use in health care.
• Prevent confidentiality, security, and privacy breaches.
The task force has been charged with creating a series of interprofessional staff updates on the following topics:
• Social media best practices.
• What not to do: Social media.
• Social media risks to patient information.
• Steps to take if a breach occurs.
- Do not post any patient information on social media. This includes names, dates of birth, photos, and any other identifying information.
- Do not post about your work on social media. This includes discussing patients, procedures, or other work-related matters.
- Be aware of your privacy settings. Make sure that your social media accounts are set to private so that only your friends and family can see your posts.
- Be careful about what you “like” or “share” on social media. Even if you do not post anything yourself, you can still be responsible for a HIPAA violation if you “like” or “share” a post that contains patient information.