View Page As PDF
Share Button
Tweet Button

Facebook, Twitter, Instagram, Snapchat, YouTube, blogs, webpages, Google+, LinkedIn… What do all of these social media outlets have in common? Each can get physicians in trouble under the Health Insurance Portability and Accountability Act (HIPAA), state privacy laws, and state medical laws, to name a few. It seems that all too often, news outlets are reporting data breaches generated in the medical community, many of which arise out of physicians’ use of social media, and most of which could have been avoided.

Physicians should be aware of the intersection of social media—both for personal and professional use—and HIPAA and state laws. Even an inadvertent, seemingly innocuous disclosure of a patient’s protected health information (PHI) through social media can be problematic.

It’s important to know which medical information must be de-identified before PHI is shared over social media. This includes:

  1. Names
  2. Geographic information
  3. Dates (e.g. birth date, admission date, discharge date, date of death)
  4. Telephone numbers
  5. Fax numbers
  6. E-mail addresses
  7. Social Security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate/license numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. URLs
  15. IP address numbers
  16. Biometric identifiers (e.g. finger and voice prints)
  17. Full-face photographic images and any comparable images
  18. Other unique identifying numbers, characteristics, or codes

The penalties for patient privacy violations (or even alleged patient privacy violations) are multifaceted. Not only can the federal government impose civil and criminal sanctions under HIPAA on the physician and his/her affiliated parties (e.g. physician’s employer), but states can also impose penalties. The patient may also sue the violating physician and his/her affiliated parties for privacy violations under state law. However, the reputational harm associated with an inappropriate post on social media is immeasurable, especially in light of the availability of information on the Internet.

Post with caution.