HIPAA Alert: Social Networking Cautionary Tales

One of the top areas of concern for HIPAA officials is the use – and misuse – of social networking sites by healthcare employees. 

Below are situations where social networking has collided with HIPAA rules and regulations:

• An ED physician in Rhode Island was fired, lost her hospital medical staff privileges and was reprimanded by the Rhode Island Board of Medical Licensure and Discipline for posting information about a trauma patient (minus her name) on her personal Facebook page. 

• An OB-GYN in St. Louis was disciplined after she vented her frustration on Facebook about a patient who was a continuous no-show. The OB-GYN responded to a question about why she continued to see the patient: “Here is the explanation why I have put up with it/not cancelled induction: prior stillbirth.”

• Two nurses took cell phone photos of a patient's X-rays showing a sex device lodged internally. One of the nurses posted the pictures on a social media site. Both nurses were fired and the case was turned over to the FBI for investigation.

• A few nurses that work together in a hospital emergency department were fired for discussing patients on a social media site. Even though they did not post any identifying information, they still violated the hospital’s HIPAA policy.

The Methodist Policy on Social Networking states:  “Employees may not communicate any material that violates the privacy or publicity rights of another. Information about patients, employees and job applicants is confidential and may not be communicated on social networking sites without prior written authorization.”  

Take care not to jeopardize patient privacy or your employment status with thoughtless posts on social networking sites. 

If you have any questions about what is or is not appropriate to post on social media sites, contact HIPAA Privacy Officer Tracy Durbin at 402-354-4901.