the role of hipaa in your social media guidelines · hcca clinical practice compliance conference...
TRANSCRIPT
HCCA Clinical Practice Compliance Conference October 23‐25, 2016
1
redballooninc.com
Jennifer Maggioreceo, red balloon inc
The Role of HIPAA inYour Social Media Guidelines
redballooninc.com
I’m not an attorney…All data and information provided in thisdocument is for informational purposesonly. redballooninc.com and Jennifer Maggioremake no representations as to accuracy,completeness, currentness, suitability, or validity ofany information on this site and will not be liablefor any errors, omissions, or delays in thisinformation or any losses, injuries, or damagesarising from its use. All information is provided onan as-is basis and does not constitute legaladvice. Please seek the advice of yourorganization's legal counsel when makingdecisions about your organization's guidelines,policies, training, hiring and terminating when itcomes to legality and social media.
HCCA Clinical Practice Compliance Conference October 23‐25, 2016
2
redballooninc.com
introduction
1935: NLRA passed into law1996: HIPAA passed into law1997: 1 million websites online2014: Kathryn Knott
redballooninc.com
social media timeline
1997 20031 million websites,AOL IM
Myspace and Linkedin Launch
20058 billion websites,Youtube launches
201485% of world’s 7 billion people have access to the Internet
almost 75% of Internet users engage in some form of social mediaFacebook has over 1 billion users, roughly the population of China
1998
Google launches
2004
Facebook launches at Harvard
2006
Twitter launches,25 billion websites,Google has 4 million searches per day
HCCA Clinical Practice Compliance Conference October 23‐25, 2016
3
redballooninc.com
18-24 year olds are twice as likely to use social media for health relatedconversations than 45-54 year olds
Only 31% of health care organizations have documented social mediaguidelines
the issue
40% of consumers said that informationfound through social mediachannels affects the way they dealwith their health.
~Mediabistro
redballooninc.com
why now
DC Interactive found in a poll that 60% of physicians say social media improves the quality of care delivered to patients
70% of adult internet users in the US have aFacebook account
25% of adult internet users in the US have aTwitter account
More than
More than
HCCA Clinical Practice Compliance Conference October 23‐25, 2016
4
redballooninc.com
why nowAccording to the Institute for Health, only 31% of healthcare organizations have social media guidelines
MedTechMedia found that 1/3 of all healthcare professionals are using social media for networking
2/3 of doctors use some form of social media for professional purposes
redballooninc.com
HIPAA Refresher
Passed into law in 19963 provisions: Portability Provisions
Tax ProvisionsAdministrative Simplification Provisions
Health Insurance Portability Accountability Act
HCCA Clinical Practice Compliance Conference October 23‐25, 2016
5
CASE STUDY
The Story
Lesson
redballooninc.com
Cheryl James, RN
Registered Nurse at Oakwood Hospital inMichigan who treated police officer and hisshooter
Employees may believe posting about patients is permissible:1. On their own devices2. On their “off” time3. On their personal profiles
•
posted about the shooter, wished, “he’d rot in hell” on her Facebook page
2010•
•
CASE STUDY
The Story
Lesson
redballooninc.com
Kathryn Knott, ER Tech
Case currently ongoing
Never assume employees will use the same good judgment that you would
2014•
Kathryn Knott arrested for assault•
HIPAA violating posts discovered on twitter•
•
•
HCCA Clinical Practice Compliance Conference October 23‐25, 2016
6
CASE STUDY
The Story
Lesson
redballooninc.com
Nursing Home Abuse via Social Media
Posting photographs or videos of residents without proper written authorization can result in a HIPAA violation and trigger HIPAA breach analysis and reporting requirements.
State Survey Agency Directors to survey “nursing home policies and procedures related to prohibiting nursing home staff from taking or using photographs or recordings in any manner that would demean or humiliate a resident(s),” including posting on social media.
•
•
redballooninc.com
training employees and leadership
separate training for employees on avoiding HIPAA violations
training for leadership on social media, HIPAA violations and NLRA violations
give leadership the tools they need
must by credible and knowledgeablecan / can't or will / won'tcreating a culture of compliance - culture is made up of what we reward
include training on codes of conduct
HCCA Clinical Practice Compliance Conference October 23‐25, 2016
7
redballooninc.com
common myths
Violations are not excused when using personal devices / on personal time/when posted to personal profiles
It is never ok to divulge any piece of information about any client (all data may be consider PHI)
Verbal consent from patients is not valid
Never assume that one unprofessional or violating post will "get by"
My post will "disappear" (think Snapchat)
There is no such thing as anonymity online
redballooninc.com
discovering a violation
Usually reported by co-workers
May involve manager it is reported to or HR
Document what directors, managers, supervisors and HR should do in case of report
HCCA Clinical Practice Compliance Conference October 23‐25, 2016
8
redballooninc.com
social media guidelines highlights
Suggest employees post disclaimers; protects them and organization (cannot be required)
Human Resources should use special care in situations involving social media
Every healthcare organization should have a set of social media guidelines in place, both for marketing staff who use social media as part of their daily duties on behalf of the organization, and for the general personal use by employees
Human resources, compliance officers, legal departments, executives, managers and directors should receive specialized training to understand what they can and cannot ask of employees
redballooninc.com
new for 2016
Periscope live streaming
Protecting employee privacy from patients’ use of social media
Shift in attitude about due diligence
HCCA Clinical Practice Compliance Conference October 23‐25, 2016
9
redballooninc.com
Thank you
The Healthcare Executive’s Guide to Social Media
[email protected](480) 270-5395ceo, red balloon inc
Understanding the Role of HIPAA and NLRA in Social Media
Jennifer Maggiore
Email Jennifer to receive your guide as well as scheduling your 15 minute consultation.