When Social Media and HIPAA Collide


Six degrees of separation is the theory that we can all be bound through six connections or less. In today's digital world, this number seems to be shrinking all the time as we become more interconnected through social media and share much of our lives online. Last I heard, six degrees of separation is now 4.8 degrees of separation (which is not nearly as catchy).

Recently, a physician from Michigan was terminated following a comment she left on a colleague's Facebook picture of the backside of a patient. While the physician did not post the picture herself, her comment included the patient's initials. The picture is pushing it, but adding initials increases the likelihood of patient identification — and thus a HIPAA violation.

In my career, I have handled a few investigations related to employees posting on social media. None of them included traditional personal health information elements (i.e. name, address, date of birth), and each employee thought they were posting something unidentifiable, which would make it OK. However, in most instances, I determined a violation had occurred. This is because HIPAA requires that information cannot be shared without authorization from the patient unless it is necessary for treatment, payment or operations. Even in those cases, only the minimum information necessary should be shared.

Social media is still a gray area, but there are some best practices that can be applied to avoid any potential issues.

  • Posting anything related to patients is risky business. If there is any question in your mind, don't post.
  • Don't lose your moral compass. Public jokes should not be made at the expense of patients, ever.
  • Covered entities should have a policy on social media and provide training and continuous reinforcement of these policies. If you are not aware of your employer's policies, ask.

Social media will keep making our world smaller, and the 4.8 degrees of separation will continue to shrink. Always keep this in mind before you post on social media.

Charlotte Nafziger is the director of compliance at T-System, providing leadership to ensure the company's compliance program is at the forefront of the industry across products and services. She brings more than 14 years of experience and knowledge of the hospital revenue cycle, compliance and training and operations management. 


© Copyright ASC COMMUNICATIONS 2021.

