the role of hipaa in your social media guidelines · hcca clinical practice compliance conference...

HCCA Clinical Practice Compliance Conference October 23‐25, 2016

1

redballooninc.com

Jennifer Maggioreceo, red balloon inc

The Role of HIPAA inYour Social Media Guidelines

redballooninc.com

I’m not an attorney…All data and information provided in thisdocument is for informational purposesonly. redballooninc.com and Jennifer Maggioremake no representations as to accuracy,completeness, currentness, suitability, or validity ofany information on this site and will not be liablefor any errors, omissions, or delays in thisinformation or any losses, injuries, or damagesarising from its use. All information is provided onan as-is basis and does not constitute legaladvice. Please seek the advice of yourorganization's legal counsel when makingdecisions about your organization's guidelines,policies, training, hiring and terminating when itcomes to legality and social media.


2

redballooninc.com

introduction

1935: NLRA passed into law1996: HIPAA passed into law1997: 1 million websites online2014: Kathryn Knott

redballooninc.com

social media timeline

1997 20031 million websites,AOL IM

Myspace and Linkedin Launch

20058 billion websites,Youtube launches

201485% of world’s 7 billion people have access to the Internet

almost 75% of Internet users engage in some form of social mediaFacebook has over 1 billion users, roughly the population of China

1998

Google launches

2004

Facebook launches at Harvard

2006

Twitter launches,25 billion websites,Google has 4 million searches per day


3

redballooninc.com

18-24 year olds are twice as likely to use social media for health relatedconversations than 45-54 year olds

Only 31% of health care organizations have documented social mediaguidelines

the issue

40% of consumers said that informationfound through social mediachannels affects the way they dealwith their health.

~Mediabistro

redballooninc.com

why now

DC Interactive found in a poll that 60% of physicians say social media improves the quality of care delivered to patients

70% of adult internet users in the US have aFacebook account

25% of adult internet users in the US have aTwitter account

More than

More than


4

redballooninc.com

why nowAccording to the Institute for Health, only 31% of healthcare organizations have social media guidelines

MedTechMedia found that 1/3 of all healthcare professionals are using social media for networking

2/3 of doctors use some form of social media for professional purposes

redballooninc.com

HIPAA Refresher

Passed into law in 19963 provisions: Portability Provisions

Tax ProvisionsAdministrative Simplification Provisions

Health Insurance Portability Accountability Act


5

CASE STUDY

The Story

Lesson

redballooninc.com

Cheryl James, RN

Registered Nurse at Oakwood Hospital inMichigan who treated police officer and hisshooter

Employees may believe posting about patients is permissible:1. On their own devices2. On their “off” time3. On their personal profiles

•

posted about the shooter, wished, “he’d rot in hell” on her Facebook page

2010•

•

CASE STUDY

The Story

Lesson

redballooninc.com

Kathryn Knott, ER Tech

Case currently ongoing

Never assume employees will use the same good judgment that you would

2014•

Kathryn Knott arrested for assault•

HIPAA violating posts discovered on twitter•

•

•


6

CASE STUDY

The Story

Lesson

redballooninc.com

Nursing Home Abuse via Social Media

Posting photographs or videos of residents without proper written authorization can result in a HIPAA violation and trigger HIPAA breach analysis and reporting requirements.

State Survey Agency Directors to survey “nursing home policies and procedures related to prohibiting nursing home staff from taking or using photographs or recordings in any manner that would demean or humiliate a resident(s),” including posting on social media.

•

•

redballooninc.com

training employees and leadership

separate training for employees on avoiding HIPAA violations

training for leadership on social media, HIPAA violations and NLRA violations

give leadership the tools they need

must by credible and knowledgeablecan / can't or will / won'tcreating a culture of compliance - culture is made up of what we reward

include training on codes of conduct


7

redballooninc.com

common myths

Violations are not excused when using personal devices / on personal time/when posted to personal profiles

It is never ok to divulge any piece of information about any client (all data may be consider PHI)

Verbal consent from patients is not valid

Never assume that one unprofessional or violating post will "get by"

My post will "disappear" (think Snapchat)

There is no such thing as anonymity online

redballooninc.com

discovering a violation

Usually reported by co-workers

May involve manager it is reported to or HR

Document what directors, managers, supervisors and HR should do in case of report


8

redballooninc.com

social media guidelines highlights

Suggest employees post disclaimers; protects them and organization (cannot be required)

Human Resources should use special care in situations involving social media

Every healthcare organization should have a set of social media guidelines in place, both for marketing staff who use social media as part of their daily duties on behalf of the organization, and for the general personal use by employees

Human resources, compliance officers, legal departments, executives, managers and directors should receive specialized training to understand what they can and cannot ask of employees

redballooninc.com

new for 2016

Periscope live streaming

Protecting employee privacy from patients’ use of social media

Shift in attitude about due diligence


9

redballooninc.com

Thank you

The Healthcare Executive’s Guide to Social Media

[email protected](480) 270-5395ceo, red balloon inc

Understanding the Role of HIPAA and NLRA in Social Media

Jennifer Maggiore

Email Jennifer to receive your guide as well as scheduling your 15 minute consultation.

the role of hipaa in your social media guidelines · hcca clinical practice compliance conference...

Documents