Social media has become commonplace in organizations and how they run. As with anything, problems can arise. One of the most significant issues social media can have on a business is violations of HIPPA laws.
These violations can be seen when employees post private information on social media. Joy Hicks (2017) gives some examples of these instances, “an EMT took photos of a murder victim and posted it on social media, two nurses were discussing patients on social media, and a nurse posted about an alleged cop-killer she treated.”
There are cases where the organization can be fined, such as in the case of Elite Dental Associates, according to Maria Clark (2019), “the company responded on YELP with private health information. The organization was fined for a HIPAA violation. There are cases where the business is not fined, but they do take action against the employee that had performed the violation breach, such as that in the case of MUSC Health. An MUSC Health employee posted a photo of an infant patient to a social media platform that breaches HIPAA laws. There can be gray areas involved as well, such as in the case of a Roane County EMS worker posting on Facebook about the incident but didn’t provide the patient’s name or identifying information. Still, the fact it was unusual would have allowed people in the area to know who the patient was. The case was deemed not to be a HIPAA violation breach but was thought to be unprofessional or inappropriate regardless.”
It is recommended that policies be put into place to help prevent these violations from occurring. Several things can be implemented, such as not allowing employees to have their cell phone devices or other recording devices on them while on the clock. Give mandatory training that goes over the policies and shows the employees various visual examples so that they can be aware of what violations may look like in text, social media, etc., and can be more aware of even the most subtle ones.
Considering the smallest violations can irreparably harm an organization, it is essential that they implement a zero-tolerance policy for any infraction and ensure the person responsible is suitably punished for it.
Meticulous records need to be maintained for any violation discovered so that the Office of Civil Rights can see that it has been documented, investigated internally, and appropriate actions have been taken. It is also vital to ensure that any information is not easily accessible by those not authorized to do so.
Access monitoring programs can be placed on all company electronic devices so that it can be easily discovered who has accessed what and when. Many steps can be taken to ensure no violations take place and seeking to find all that can be implemented will be beneficial.
Share this article