HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Facebook Sharing of Patient Info Sees ER Doc Fired

A doctor has recently been fined $500 by the State medical board after posting personally identifiable information about a patient on Facebook, a number of months after the incident caused her to lose her employment. This is a HIPAA violation that all healthcare professionals should take note of.

The doctor, Alexandra Thran, did not post the patient’s name in her post, which would be an immediate violation of HIPAA Rules, but she did post sufficient information to enable the person to be identified. Another individual who visited Thran’s Facebook page was able to determine the identity of the patient from the information she wrote on the page, even in the absence of the patient’s name.

The disclosure of Protected Health Information (PHI), which includes references to medical treatments as well as health records, along with Personally Identifiable Information (PII), can result in civil penalties being brought against the covered entity and any individual responsible for the HIPAA breach. The penalties can involve time in jail.

This is not the first incident of its kind. Nurses and doctors have been fired by their employers in California and Wisconsin for discussing patients on social media.

One problem is that users of social media are encouraged to share all manner of information with friends and relatives, yet in a work setting the potential for HIPAA violations means extreme caution should be taken. In this case the incident involved an ER doctor, and the conversation was not with the patient. Some doctors may be choosing social media channels to interact with patients, but there is considerable potential for a HIPAA violation.

With social media it is too easy to write something and regret it after it has been sent, but by that time it is too late and control of the released information has been lost. To tackle the issue, it is essential that healthcare providers start to develop policies covering the use of social media, the sharing of PHI and communicating with patients through secure channels.

Social media use is only likely to grow, and with it the risk of HIPAA violations. It is better to train staff on Privacy Rules and to set strict policies covering the use of Facebook and other platforms. Many hospitals have identified the risk and have put together policies for staff that make clear what is allowed and what is strictly forbidden. Children’s Hospital Boston, for example, has just developed a 6-page document detailing allowable uses of social media and do’s and don’ts, with many other hospitals now electing to do the same.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.