Social Media and HIPAA
The time when social media involved only Facebook and Myspace has changed, and with that change comes a risk to healthcare providers for HIPAA violations. Not only can employees access patient information on their desktop and laptop computers, but they can also access it via their portable devices like smartphones and tablets. The addition of Snapchat and Instagram to the social media arena further expands the potential for breaches of personal health information (PHI) and violations of HIPAA rules. Social Media and HIPAA are closely related and their direct relationship needs to be addressed.
Recently, a news media poll conducted by CNBC found the “instant gratification” provided by Snapchat and Instagram was favored by younger millennials. The danger and concern for healthcare providers come from the medical personnel and employees working for healthcare providers who fall into this category of younger millennials. There is a misconcept
ion that content shared on these formats does not remain and that it disappears after the sharing. The fact is that Snapchat posts and Instagram stories are not temporary.
For example, it was believed that Snapchat had a security breach in 2014 where 100,000 photographs and videos were made public, and this had the potential of violating HIPAA rules. The breach did not occur on Snapchat servers; however, a third party site called Snapsave.com was identified as the source. There is still concern regarding applications that allow the user to save pictures, videos and information on their devices.
There are two ways that the relationship between social media and HIPPA intersect when using Snapchat and Instagram. The first involves an innocent posting by a person who has no awareness that what they are sharing has PHI. The other is when a person is knowledgeable that what they are posting is a violation of HIPAA regulations, but they post it because they think the content is temporary. Both of these violations are punishable under HIPAA.
Due to the popularity of these new social media platforms and the potential danger of PHI breaches that violate HIPAA regulations, healthcare providers need to educate their employees—especially millennials—who like to use Snapchat and Instagram that the things they post with the belief that they are temporary is a misconception and they should take steps to ensure that it does not happen.
