Avoiding HIPAA ViolationsPatient privacy protection is a growing epidemic and concern which

Table of Contents

Avoiding HIPAA ViolationsPatient privacy protection is a growing epidemic and concern which forced Congress on August 21, 1996, to enact the Federal Health Insurance Portability and Accountability Act. The purpose of this law is to protect patient privacy in healthcare plans, healthcare facilities, Providers and electronic medical information. Unfortunately, there are individuals who take drastic measures to obtain a patient’s private information. Gone are the days when patients felt comfortable knowing that only their Physician or health care facility has access to their medical information. Over the years the trustworthiness patients had in the healthcare system and their physicians diminished as confidentiality and privacy were no longer secure and patient’s information was easily accessible and sometimes shared directly and indirectly with others.In September 2018, a Pediatric Nurse who worked at a Texas Children hospital violated the HIPAA law by posting several comments on social media regarding a young child who had the measles. The nurse continued her comments and went on to state that a vaccination could have prevented the measles and the boy’s case was worse than she expected. This nurse continued to expand on her posting. She explained that witnessing the boy hurting the way he did was rough.Her Facebook post made reference to her being a mom as she shared her opinion, eluding to the fact that she was anti vaccination but as a parent she understood how vaccinating out of fear could occur to give the boy some relief. Ironically, measles disease is a rare illness in Texas. Even though the nurse’s Facebook post did not divulge any personal identifiers about the child, her place of employment was visible on her profile which could have made it easy for anyone with an inquisitive mind to hone in and identify who the boy was.Once the hospital officials where she worked found out about the posting, they investigated and suspended the nurse. The nurse later realized that she overshared on social media and deleted her Facebook posts.A few days after her suspension, the nurse was terminated for violating the HIPAA laws and the hospital policies by posting private patient information on social media. The HIPAA laws restrict and protects the sharing of patient personal information which can easily be used to identify the patient. Even though the violation in this case did not name the boy or provide explicit patient details, the fact that the nurse’s place of employment was on her social media profile this could be used to identify the child. This violation was avoidable and preventable if the nurse did not list her place of employment and refrained from posting work related information on the internet. The Hospital should have trained their staff on social media HIPAA laws. The training should have been included in all new hire class to bring awareness before an employee is officially in their new role. There should be a clear outline of what is acceptable social media use. It would have been of great benefit to the organization if all training class included a semi-annual HIPAA refresher training. If the hospital had taken proactive steps such as requiring all social media posts to be approved by their legal team prior to posting this would have prevented this mis use of social media. Social Media is a highly used public platform and some employees may not be aware that what they are sharing is illegal and violates not just company policy but Federal or State laws. The hospital should have a social media team on staff to track employee social media online activities which can save the company from fines and embarrassment as a result of employees posting sensitive or private information. While technology continues to advance, social media platforms have gained an overwhelming number of followers and traffic. People are willing and feel comfortable sharing and oversharing information without knowing the repercussions of their actions. In this case, posting on Facebook can have damaging effects on an individual or an organization. Social media sites should also be held liable for allowing such postings. Better filters and monitoring tools to prohibit postings which violate laws should be implemented. The HIPAA law was enacted prior to social media’s popularity, it may be time to amend the law to include and hold social media sites accountable for HIPAA violations.There is a correlation between HIPAA compliance and ethical behavior. The HIPAA mandate changed healthcare providers behavior and forced them to think about how to transit private patient information, exercise better judgement and provide quality care to patients. The HIPAA law is based around principles and values and holding healthcare professionals, hospitals and other healthcare entities accountable to abide by the law and do the right thing for the patient population. There are penalties and jail time associated with HIPAA violation. The fine ranges from $100.00 to $250.000. The penalty charges for the 1st violation is miniscule compared to a repeat violation charge where the fine is significantly greater and could include jail time up to 10 years.References CitationBiscobing, J., & Sutner, S. (2017). HIPAA Health Insurance Portability and Accountability Act. Retrieved November 24, 2018, from https://searchhealthit.techtarget.com/Texas Nurse Fired for Social Media HIPAA Violation. (2018, September 07). Retrieved November 24, 2018, from https://www.hipaajournal.com/texas-nurse-fired-for-social-media-hipaa-violation/HHS Office of the Secretary,Office for Civil Rights, & OCR. (2013, July 26). Summary of the HIPAA Privacy Rule. Retrieved November 24, 2018, from https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html