Breaking Compliance News Blog

Social Media Snafus: Keep Your Staff HIPAA Compliant

Posted by Margaret Scavotto, JD, CHC on 10/18/18 6:59 AM

An EMS worker gave CPR to a man who suffered a heart attack in his chicken coop. The EMS worker later posted on Facebook: "Well, we had a first... We worked a code in a chicken coop. Knee deep in chicken droppings."

A medical student who helped deliver a baby posted to Instagram a selfie of himself next to the mother's genitals.

A hospital employee appeared in a photo flipping off a newborn baby, with the caption: "How I currently feel about these mini Satans." The photo was shared 185,000 times on Facebook.

A pediatric ICU/ER nurse discussed a child's measles diagnosis on a Facebook page, before the measles case was announced to the public.

What do these stories have in common?

They're true. They involve disrespect to patients. They potentially violate HIPAA. They likely caused their organizations' privacy officers to pour hours into analyzing whether patients needed to be notified of a breach of HIPAA or other privacy laws. And, they made news headlines, creating a sizable PR problem for each provider involved.

Would your employees do this?

Your employees have Facebook, Instagram, Snapchat and Twitter accounts. They text. How many times do you think your employees text and post to social media every day? 

How often do you train staff on how to use social media without violating HIPAA (or disrespecting patients)? Once a year? Is your training frequent, helpful - and memorable - enough to ensure your employees get this right?

Help your employees use social media appropriately.

  • Implement a social media policy.
  • Train employees to recognize PHI.
  • Use examples. Help your team understand how seemingly innocent posts can violate HIPAA.
  • Train some more! Keep HIPAA and social media top of mind.
  • Encourage staff to report violations of the policy. This will allow you to research potential breaches and mitigate them swiftly.

Taking on the unstoppable world of social media might seem impossible. But it's better to help employees use it properly--and know when they aren't--than to cover our eyes and wait to hear it from the patients (or the media).

New Call-to-action

Read More

Topics: Social Media, HIPAA

Social Media Snafus May Lead to Policy Changes, Creative Training

Posted by Margaret Scavotto, JD, CHC on 3/15/18 6:22 AM

This month, HCCA's Report on Medicare Compliance published an article featuring Margaret Scavotto's comments on the HIPAA risks of social media for healthcare providers:

Read More

Topics: Social Media, HIPAA

Tweet, tweet: Resident abuse takes a new – and dangerous—form

Posted by Margaret Scavotto, JD, CHC on 8/16/16 3:14 PM

CMS recently issued guidance to its state surveyors, explaining that nursing home resident abuse occurs when staff take pictures or recordings “in a way that would demean or humiliate a resident(s).”

That’s just common sense: Nobody should have their picture or video taken when they are in a nursing home, and perhaps asleep, or in a compromising position. I doubt anyone would argue with CMS’ position that such unauthorized images constitute mental abuse when they are demeaning or humiliating. And yet, any provider who has attempted any degree of social media compliance knows this is a real problem.

Nursing homes and other providers are already climbing the seemingly insurmountable mountain of social-media-posts-turned-HIPAA-violations. Our increasingly younger workforce is walking the halls with 683 (or more, if you use Facebook more than I do) Facebook friends in their back pocket. Or waiting in their locker. Or their car. Many of these people are walking your halls thinking: “What can I share about my day tonight? What will get the most ‘Likes’? What will really put me at the top of the Newsfeed?” Social media posts and texts ranging from innocent to malicious have tied many Compliance and Privacy Officers up in hours-long breach investigations. Now, every tweet, post, text and snap involving a nursing home resident also needs to be treated as a potential abuse allegation.

Starting in September 2016, CMS surveyors will review every nursing home’s policies, to see if they “prohibit staff from taking, keeping and/or distributing photographs and recordings that demean or humiliate a resident(s).” CMS outlines the steps nursing homes must take in order to do well on this survey – and meet expectations for preventing this type of mental abuse:

  • Implement policies and procedures prohibiting abuse. These policies need to address mental abuse arising from demeaning or humiliating pictures or recordings.
  • Train staff on mental abuse arising from these pictures or recordings.
  • Take training one step further and “provide ongoing oversight and supervision of staff in order to assure that these policies are implemented as written.”
  • Treat these incidents of mental abuse as any other abuse allegation: with investigation and reporting.

A policy and training are crucial – and required by CMS – but they won’t be enough. Social media compliance requires a culture campaign. Social media is top-of-mind and omnipresent for your staff. So must be your efforts to motivate staff to use social media wisely. Has your organization launched a social media compliance campaign? Do your staff understand that posting or texting pictures of patients can result in license discipline? Jail time? How often do your staff receive reminders about appropriate social media use? Often enough to be as memorable as that next Facebook post opportunity? Make social media part of the compliance conversation, and you will help your staff use social media wisely, and convert social media from a liability to an asset.

New Call-to-action

Read More

Topics: Social Media

Are your employees tweeting their way to a HIPAA violation?

Posted by Margaret Scavotto, JD, CHC on 3/2/14 3:25 AM

Like it or not, social media use in the workplace is inevitable. A report by SilkRoad Technology found that 75% of employees check personal social media at least once a day on their mobile devices during working hours, and 60% access it multiple times.

Read More

Topics: HIPAA, Social Media

HIPAA penalties & social media: Do you trust your employees?

Posted by Margaret Scavotto, JD, CHC on 9/12/12 12:00 PM

It's no secret that the HIPAA hammer is here to stay. The HITECH Act of 2009 increased HIPAA penalties, and the Federal government has been doling them out liberally. As the use of social media expands, health care providers and their employees need to consider the consequences of posting information that could identify a patient. These consequences include penalties under HIPAA, privacy laws and even criminal laws...and making the headlines.

Read More

Topics: Penalties and Enforcement, HIPAA, Social Media

    Privacy Policy           Terms of Use