
    HIPAA in the age of social media

    Ensuring you and your practice stay compliant on social media platforms

    Human beings are social creatures. We take tremendous pleasure in sharing our world with others. There is no better evidence than the social media revolution that has taken place over the last few years. Often, when we see something cool, we want to share it with other people. As healthcare providers in an age where digital information can be just as viral as the viruses we treat, it is of the utmost importance to understand the implications of our social media posts.

    So where does sharing something cool become troublesome? When you violate the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Social media has the power to amplify somebody’s lapse of judgment to the point where the content is seen by millions around the world in just a matter of minutes. Prior to social media, an error may not have spread to much more than a handful of people, often avoiding implications; now it is often brought front and center to the public’s regulatory eye. It becomes very easy for a potential HIPAA violation to occur and get noticed. It is quite impressive that when HIPAA was created, disks were floppy and websites were ragtag, and we now find ourselves in the midst of massive multimillion-dollar penalties served to entities violating the act.


    According to the U.S. Department of Health and Human Services, HIPAA called for the establishment of standards and requirements for transmitting certain health information to improve the efficiency and effectiveness of the health care system while protecting patient privacy. Because protected health information is a major HIPAA theme, it needs to be accurately defined. As defined in the law, “health information” means any information, whether oral or recorded in any form or medium, that:

    “(A) is created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

    “(B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.”1

    What does this mean for you?

    So for the average OD, what does HIPAA mean? Most significantly, the Privacy Rule will require optometrists to inform patients about how their information can be used and what their privacy rights are. It also means setting up and implementing privacy procedures for our practices that outline and detail how a patient's protected health information (PHI) is appropriately used and adequately protected. An employee will need to take responsibility for ensuring that this procedure is adopted and adhered to. For most of our small private practices, an office manager or other responsible employee will work fine. This person can also serve as a contact for handling complaints and HIPAA concerns. An employee must review these policies and document that they understand them. For most small private practices, this will suffice as adequate employee training. Finally, the patient’s records need to be secured. The authoritative source for guidance is http://www.hhs.gov/ocr/privacy.2


    Justin Bazan, OD
    Dr. Justin Bazan is the owner of Park Slope Eye in Brooklyn, NY. He serves as a spokesperson to the Vision Council and is on their ...

