Skip to content

Eastern Illinois University

855-771-7142 855-771-7142
search search

How Nurses Can Avoid HIPAA Violations on Social Media

Since its inception, social media has become integrated into daily life for most Americans. From connecting with friends and family to catching late-breaking news, you're probably spending a portion of your day liking and sharing on multiple social media platforms.

For nurses, it is normal to share photos of the holiday party or a group pic of you and your co-workers. But use caution in regard to patients. There is great risk for unintentionally violating patient privacy via social media.

HIPAA: Designed to Protect Patients

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created to protect patient health information (PHI) when transmitted electronically. The original intention was secure patient data exchange between healthcare providers, insurance companies and other health-related vendors. It now includes patient privacy and access to their PHI.

HIPAA protects consumers. Patients must grant permission for healthcare providers to access, store and share PHI. The trust given by patients in accordance with HIPAA is very clear when it comes to medical records.

Social Media: Complicating Patient Privacy

With camera phones in every pocket and easy access to post on social media, all it takes is a small error in judgment for nurses to violate a patient's privacy. Posting a photo of your favorite patient with an inspirational tidbit about their struggle strips away anonymity and most likely violates your workplace's policies.

Nurses are trusted by patients and have a responsibility to protect their information. It is better to be safe than sorry with PHI.

Here are some recommendations to safeguard your patients, employer and career while using social media:

  1. Do not discuss the health of patients on social media or anywhere else online. Nurse.com also advises against mentioning identifiable co-workers or listing your employer on your personal social media accounts.
  2. Do not post photos or videos of patients, even if they give you verbal permission. If your patient asks you to take photos or video, see if their friends or family can capture the moment. Your focus is patient care.
  3. Do not blur relationships. You may get to know patients over their course of treatment and these relationships can become very friendly. However, RN.com warns that social media can blur the boundaries between professional and personal relationships. Current and former patients are protected when social media relationships are curbed.
  4. Deleting a post does not mean all traces of the original post are gone. Screen captures are easy, and your post could be leaked or spread.

Penalties for Violation of Patient Privacy

Because nurses are trusted partners in patient care, they come into contact with a great deal of sensitive patient information. HIPAA Journal explains that each state's Department of Health and Human Services assesses fines when nurses violate HIPAA. Additionally, the state attorney general can levy the following fines for violations.

Compliancy Group breaks down the current tiers and fines as of June 2019:

  • Tier A covers unintentional violations of patient privacy where the nurse would've behaved differently if the potential infraction was clearer. Each violation is $100, with a cap of $25,000 per year.
  • Tier B focuses on willful neglect. The nurse may have known better than to post but wasn't intentionally trying to cause harm. Each violation is $1,000, with a cap of $100,000 per year.
  • Tier C is for those situations of willful neglect where the social media post was removed within 30 days. Each violation is $10,000, with a cap of $250,000 per year.
  • Tier D addresses situations of willful neglect where the post was not removed. Each violation is $50,000, with a cap of $1,500,000 per year.

Not only can nurses face fines from HIPAA violations on social media, but they can also risk their jobs by disregarding employer policies. HIPAA Journal reported on a nurse who was terminated for HIPAA violations after disclosing PHI loud enough that other patients could hear. The nurse pursued a wrongful termination suit, but the Kentucky Court of Appeals upheld the decision. Imagine the damage a screen shot could do before putting your career in jeopardy.

The smartest way for you to utilize social media is to completely separate your professional and personal lives. When representing your profession, stick to business. Social media can be great for your career, helping you find job openings, meet other nurses and learn about relevant career events, but be cautious. Concentrate on the professional benefits social media has to offer and eliminate risk of compromising PHI by leaving patients out of your online sharing.

Learn more about Eastern Illinois University's online RN to BSN program.


Sources:

HIPAA Journal: Why Is HIPAA Important to Patients?

RN.com: Social Media, HIPAA and You

Nurse.com: Avoid Social Media Pitfalls for Nurses by Maintaining Professionalism Online

HIPAA Journal: Termination for Nurse HIPAA Violation Upheld by Court

Compliancy Group: HIPAA Violation Penalties and Fines


Have a question or concern about this article? Please contact us.

Need More Info?

Submit the form below, and a representative will contact you to answer any questions!

*all fields required.
or call 855-771-7142 855-771-7142
By submitting this form, I am providing my digital signature agreeing that Eastern Illinois University (EIU) may email me or contact me regarding educational services by telephone and/or text message utilizing automated technology or a pre-recorded message at the telephone number(s) provided above. I understand this consent is not a condition to attend EIU or to purchase any other goods or services.