Protected Health Information (PHI) is any information related to the health status of an individual transmitted in any form of media, whether electronic, paper or oral. It includes information that relates to the individual’s past, present, or future physical or mental health, the provision of health care, or payment for that provision (U.S. Department of Health and Human Services, 2013). This information is protected by the Privacy Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
With the rapid rate of technology integration in health care, privacy, security, and confidentiality of patients’ personal information have become the primary concern of medical organizations. The most common violations of patient privacy include inappropriate release of information and unauthorized access to information (Drolet, Marwaha, Hyatt, et al., 2017). In other words, someone posts something that should not be disclosed or gets access to patient personal information. Although in most cases it is done involuntarily, each case is investigated, and sanctions are usually applied. HIPAA violation penalties for nurses who breach HIPAA rules can range from disciplinary action to termination, financial penalties, and imprisonment (The HIPAA Guide, 2017). The monetary penalty is usually applied to the organization, with the highest possible fine being $50,000 per violation.
Hospitals are now concerned with the development and implementation of strategies based on interdisciplinary collaboration to safeguard sensitive electronic health information. They include the development of guidelines aimed at all positions within the team, education programs, and policies governing employee use of electronic devices and social media (Drolet, Marwaha, Hyatt, et al., 2017). Each member of the team should be aware of the rules and the consequences of violation, and the management should be responsible for the adherence to the guidelines.
Social Media at Workplace: What Not to Do
- Do not take photos or videos of patients using your personal devices. Any images required for treatment-related purposes should be authorized by the hospital administration and taken using employer-provided devices.
- Do not transmit by way of any electronic media any patient-related images or any information that can be considered as a violation of the patient’s rights to privacy.
- Do not share, post, or distribute any information, images, or videos about a patient unless there is a medical need or legal obligation to disclose it.
- Do not identify patients by name or post any information that may lead to the identification of a patient. Your knowledge of a patient is restricted to hospital only.
- Do not contact patients using social media unless absolutely necessary. Nurses are obliged to establish, communicate, and maintain professional boundaries with patients in the online environment (Stroehlein & Bayer, 2016). Online contact blurs the distinction between a professional and personal relationship and should be managed carefully. It is advisable to inform your team leader of any unnecessary contact with patients.
- Do not neglect the breaches of confidentiality and privacy and immediately report them to the hospital security team.
- Do not violate the organization’s policies regarding the use of employer-owned electronic devices and the use of personal devices at the workplace.
- Do not make any inappropriate remarks about employers or colleagues on social media. Do not make threatening, harassing, obscene, sexually explicit, racist, homophobic, or other offensive comments.
- Do not post content or speak on behalf of your employer unless authorized to do so.
Drolet, B., Marwaha, J., Hyatt, B., Blazar, P., & Lifchez, S. (2017). Electronic communication of protected health information: Privacy, security, and HIPAA compliance. The Journal of and Surgery, 42(6), pp. 411–416. Web.
Stroehlein, M., & Bayer, T. (2016). Social media and nursing today. SOJ Nursing and Health Care, 2(2), pp. 1–3. Web.
The HIPAA Guide. (2017). What are the HIPAA violation penalties for nurses? Web.
U.S. Department of Health and Human Services. (2013). Summary of the HIPAA Privacy Rule. Web.