How Doctors Can Avoid Social Media HIPAA Violations: It’s Not Rocket Science

flickr: ttarasiuk

The case of a Rhode Island physician fired and fined for violating HIPAA regulations on her personal Facebook page may have the unfortunate effect of discouraging some hospitals from embracing social media.

It shouldn’t. By following simple steps, the physician and hospital could have avoided the entire fiasco.

Here is what we know. According to the Boston Globe:

Dr. Alexandra Thran, 48, was fired from the hospital last year and reprimanded by the state medical board last week. The hospital took away her privileges to work in the emergency room for posting information online about a trauma patient.

Thran’s posting did not include the patient’s name, but she wrote enough that others in the community could identify the patient, according to a board filing. Thran, who did not return calls for comment yesterday, also was fined $500.

Here are  three fundamental rules (included in our e-book “9 No-Nonsense Rules to Ensure a HIPAA-Compliant Social Media Strategy,” co-written by attorney and blogger David Harlow) that apply to this unfortunate event.

Limit liability by establishing clear policies and procedures

Apparently Westerly Hospital had no social media policy in place. Hospitals need to understand that employees, including emergency room physicians, are engaged in Facebook and other social media platforms in their personal lives. A clear employee social media policy is essential to give them clear guidance – even if the hospital does not have its own social media platforms.

Train your staff in policies and procedures

Once you develop social media policies, make sure everyone in your hospital is thoroughly trained.

Understand HIPAA and protected health information

Because the offending post has been deleted from Facebook, we are left to speculate about its content, but it is clear that protected health information was shared. Even though the patient was not named, information was included that resulted in the patient being recognizable.

This violates HIPAA 101. Since it is difficult to know what clinical information may or may not be recognized, physician blogger Kevin Pho, MD, points out that it is “better to be safe and obtain written patient permission before posting a patient story online.”

Some additional lessons

We have not heard the end of these examples. Bryan Vartabedian, MD, and author of the popular blog 33 Charts, writes that “this is just one casualty of an evolving communication medium. Expect more.”

If not careful, short-sighted hospitals will use this physician faux pas as an excuse to avoid embracing social media. That would be a big mistake.

It’s not rocket science. This problem could have been avoided by following three simple steps. Standing on the social media sidelines will deprive hospitals, their physicians, their staff and their patients of powerful and effective education, sharing and connecting tools.


How we help

Hive Strategies helps health systems create HIPAA-compliant online communities for better health, lower costs and greater loyalty.

13 replies
  1. Garcinia Benefits
    Garcinia Benefits says:

    Appreciating the time and effort you put into your website and in depth
    information you offer. It’s nice to come across a blog every
    once in a while that isn’t the same outdated rehashed material.
    Wonderful read! I’ve bookmarked your site and I’m including your RSS feeds to my Google account.

    Feel free to visit my web page – Garcinia Benefits

    Reply
  2. Dan Hinmon, Principal
    Dan Hinmon, Principal says:

    Now you’re making me laugh, Mark. But at the same time I realize for Dr. Thran — and maybe a lot of other physicians — this is serious stuff. Hospitals do a great service when they give provide clear, specific guidance for social media.

    Reply
  3. Mark Frisk
    Mark Frisk says:

    Nice overview.

    I found the following from the Boston Globe story fascinating:

    “The attention that hospitals in the Boston area are giving the issue varies considerably. Boston Medical Center, for example, doesn’t have a policy. ‘It just doesn’t seem to have been an issue as of yet,’ spokeswoman Gina DiGravio said.”

    Great idea! Let’s wait until we have an issue, THEN we’ll put a policy in place.

    Reply
  4. Dan Hinmon, Principal
    Dan Hinmon, Principal says:

    Thanks for the comment, Phil. It’s nice to hear from you! Hope all is going well for you, and you’re enjoying your break!

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>