Magnified by COVID-19, Social Media Posts Risk HIPAA Violations, Allegations of Abuse

By Nina Youngstrom

In a tweet that went viral, an emergency room physician complained about a patient with COVID-19 who had Thanksgiving dinner with 22 family members. The doctor posted that the patient told her everyone at the gathering had “developed symptoms, some severe.” There was backlash against the physician on Twitter from other physicians and others for shaming her patient, and the event wound up in newspapers.

“It’s really important to educate employees and contractors about what is and isn’t OK,” said Margaret Scavotto, president of Management Performance Associates in Saint Louis, who told the story of the now-deleted tweet. “We see a lot of health care professionals with a lot of followers, and they are in a unique position working on the front line of COVID-19, but we have to be careful.”

The use of social media has implications for HIPAA and, in the case of nursing homes, could potentially result in allegations of patient abuse, Scavotto said at a webinar sponsored by her company.[1] There’s also the risk of reputational harm. “I am seeing organizations using social media more” during the pandemic, she said. Hospitals and other covered entities are connecting with patients and families and providing information on COVID-19. But some employees may use social media sites, including Facebook, Twitter and TikTok, to share patient stories or vent about a range of things, including personal protective equipment (PPE). Their words and/or videos could violate HIPAA or social media policies.

Before covered entities post patient photos or any other protected health information (PHI), they must get a written authorization from the patient. The privacy rule is very specific about what must be included in the authorization. For example, the authorization must describe the PHI that will be used and disclosed and the person to whom the disclosure may be made. That’s different than a consent and liability waiver, which states something to the effect of, “I, John Smith, consent to Happy Holiday Nursing Home taking my picture and posting it to Facebook. I release Happy Holiday Nursing home from any liability involving said picture or posting”—and isn’t adequate for HIPAA compliance, Scavotto noted.

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings