Jackson Health Investigating Nurse Social Media HIPAA Violation

Jackson Health has launched an investigation into a nurse social media violation after photographs of a baby with a birth defect were posted on Facebook.

A nurse who worked in the neonatal intensive care unit at Jackson Memorial Hospital posted two photographs on Facebook of a baby with gastroschisis – a rare birth defect of the abdominal wall that can cause the intestines to protrude from the body. The photos were accompanied with the captions, “My night was going great then boom!” and “Your intestines posed (sic) to be inside not outside baby! #gastroschisis.” The disturbing images were posted on accounts belonging to Sierra Samuels.

The posting of images of patients on social media without first obtaining authorization is a serious breach of patient privacy. Photographs of patients are classed as protected health information and posting images on social media platforms, even in closed Facebook groups, is a violation of the Health Insurance Portability and Accountability Act (HIPAA) unless prior authorization is obtained from the patient.

HIPAA requires healthcare providers to provide privacy policy training to staff members. Training must be provided within a reasonable time after an employee joins a covered entity’s workforce and training must be regularly reinforced. The best practice is to provide refresher HIPAA privacy training annually. A sanctions policy must also be developed and implemented that clearly states the sanctions employees will face if they violate the HIPAA Rules.

After being alerted to the social media posts Jackson Health launched an investigation into the privacy violation and immediately placed the nurse on administrative leave pending the outcome of the investigation. “Protecting the privacy of our patients is always a top priority at Jackson Health System. Any potential privacy breach is taken seriously and thoroughly investigated,” said a spokesperson for Jackson Health. Jackson Health also confirmed that when employees violate patient privacy, despite being educated, they will be subject to disciplinary action which may involve suspension or termination.

Update 9/30/2021: Jackson Health System has confirmed that following the investigation, Sierra Samuels was terminated for the privacy violation.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.