Breaking Compliance News Blog

“That’s so cute!” (if there’s a HIPAA authorization)

Posted by Margaret Scavotto, JD, CHC on 6/14/22 11:17 AM

Find me on:

going viral


Are you on TikTok?
I’m not (although I hear it’s worth it for the air fryer recipes).
But everyone else is, including an increasing number of healthcare professionals and healthcare providers.
Social media use increased during the early pandemic days as a way to connect with the world from inside locked down facilities. It also brings a healthy dose of levity.
For example:
  • A nursing home’s videos of residents enjoying therapy dogs Floyd and Loki went viral on TikTok. 
  • Last Thanksgiving, one nursing home’s TikTok video of the administrator dressed as a Thanksgiving turkey went viral. 
  • In a Scotland nursing home, a 102-year-old resident ‘s daily exercise dance routine – done with two nurses – was posted to TikTok. In the video, the resident and two of his caregivers are seen dancing. The home claims the videos “have been a great way to get the residents up and moving, and they’ve loved taking part.”
I love these videos! They are so cute. And they are okay to use – IF the patients signed a valid HIPAA authorization before the videos were taken.
Without a HIPAA authorization, the cute factor fades, and we are left with a potential HIPAA breach to investigate.
Thinking of going viral? Have fun – but make sure everyone involved understands the HIPAA consequences.

What you can do:

Continue to look for creative ways to use technology to keep people engaged during the pandemic – but also keep HIPAA at the forefront as you expand the use of technology to the latest social media craze:
  • Do not post any patient-specific information to social media without first obtaining a HIPAA authorization. This includes all pictures of patient includes one captured in the background. Photo bombs are not a HIPAA exemption.
  • If you have not already done so, implement a social media policy that specifically addresses HIPAA compliance.
  • Prior to using a new social media application, evaluate the risks with your HIPAA Security Risk Analysis process and mitigate any risks with an new or updated social media policy.
  • Maintain close communications between your HIPAA Privacy and Security Officer, and your marketing or public relations personnel. All marketing and PR communications and programs should be vetted for potential HIPAA risks.
  • Don’t overlook activities, social services or volunteers – they may be involved with social media.
  • Regularly review your organization’s social media activity to ensure it is HIPAA compliant.
  • Train staff about appropriate social media uses during COVID-19 – the HIPAA stakes are higher during a pandemic.
  • Get a HIPAA authorization before taking a picture or posting about a patient.

Margaret Signature 2020


download free hipaa resource guide-1



Topics: Training and Education, HIPAA, Social Media, security, privacy

    Privacy Policy           Terms of Use