Health Information Management

Q&A: HIPAA and social networking

HIM-HIPAA Insider, November 10, 2009

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Q: I am beginning to hear about HIPAA violations occurring on popular Internet sites (e.g., Facebook and Myspace). Do you have any guidelines or recommendations regarding the sharing of patient information and/or PHI in the healthcare setting? Retaining control of employee use of social networks is becoming increasingly difficult because healthcare workers access them on personal time away from work.
 
A: This is a challenge for many healthcare organizations. Those that have addressed it generally prohibit their employees from including any information about patients on their social network pages, even if patients have given them permission to do so. Some organizations also prohibit healthcare workers from linking to a patient’s social network page.
 
Individuals are free to disclose any information they choose on their social network pages, including their PHI. However, many healthcare organizations are sensitive about their employees linking to these pages because of the appearance of impropriety.
 
Editor’s note: Mary Brandt, president of Brandt & Associates, Inc., a healthcare consulting firm in Bellaire, TX answered this question in the November issue of Briefings on HIPAA.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular