Data Breach, Education, HIPAA / HITECH Enforcement, Social Media, Tip of the Week

What do Facetime, Vine, Tango & Fring have in common? Simple sharing could mean dangerous data breach for healthcare providers

Technically astute healthcare providers are already aware of the mines in the minefield of social media, but nowadays even a simple video chat could blow up in a healthcare provider’s face. There are many new applications (apps) available for iPhones, android phones, and tablets. These solutions can make it easier for nurses and other healthcare staff to network, share news, and keep in touch. Social media sites can be a great way for nurses and other healthcare pros to network and share news but when it comes to specifics, healthcare providers should not use social media to share health information that could be linked to any individual patient – that includes names, pictures and physical descriptions — without the patient’s consent. The Health Insurance Portability and Accountability Act (HIPAA) and state privacy laws expressly protect individuals who are patients of healthcare providers.

There have been documented unprofessional postings, and reports of photos being taken with mobile devices that are a violation of the patient’s privacy. This information, which has the possibility of being linked to an individual person, could include names, pictures, or a physical description all without the patient’s consent or knowledge. Beyond sharing specific information, many healthcare providers are probably aware of the potential risks of using social media especially when it comes to connecting with patients online such as “friending” patients on Facebook or linking on LinkedIn. Generally, accepting such an online request doesn’t mean consent for sharing even a simple detail like acknowledging that the patient is a patient.

These precautions extend to the array of new apps for video chatting and sharing videos for free using WiFi connections, including Facetime, Vine, Tango, Fring and others which nurses and other might be tempted to use for not only interacting in a social way with patients but for consultations.The warning in a word: Don’t.

A video – even without a face – could provide information that identifies a patient, and many WiFi connections are not secure and are at risk for being intercepted. Such a data breach would be a clear violation of HIPAA requirements. Vine, for example, is a mobile app from Twitter that allows users capture and share short looping videos. Like Tweets, the brevity of videos on Vine (6 seconds or less) inspires creativity but they are entirely searchable and public. Tango allows users to share text messages, photos and videos with other users and the privacy policy on Tango’s website clearly states:

 “If you choose to do so your text messages, photos, videos and other communications will be stored on our servers. In addition, if      you choose to share these items with other Tango users, we may not be able to remove them from our servers or make them         unavailable to anyone you have shared them with. … By choosing to share that information, you should understand that you may no longer be able to control how that information is used and that it may become publicly available (depending in part on your actions or the actions of others with whom you have shared the information).”

However, if managed appropriately with a social media policy, technology is a great tool for patients to use, as well as nurses for patient education. Technology can also be used to access the internet on a mobile device to research evidence-based practice and provide up to date nursing intervention. It is important to ensure professional boundaries are in place and within the scope of the state nurse practice act, company policy and procedure, state laws, and federal laws. The nurse must be accountable and reminded of consequences including jeopardizing their license.

Full color laptop tablet Some social media tips for nurses and other healthcare professionals:

• Draw clear lines drawn between interactions as a healthcare provider and those as a friend.
• Consider creating separate personal and professional social networking accounts.
• Do not share protected information using applications that could be compromised.
• Use secure internet connections for video chat and video sharing with patients.
• Even without a name or face, when posting a picture or video as information to others (i.e., “here’s what a suspicious mole looks like” on a fan page or “here’s how my patient’s skin condition presents” to a colleague), get the patient’s permission in writing.

This posting is sponsored by RISC Management & Consulting, http://www.RISCsecuriy.com
Have questions or concerns? RISC Management and Consulting can help. Contact us today.

References
Baker, D. (2013). Social networking and professional boundaries. AORN Journal, 97(5), 501-506. doi:10.1016/j.aorn.2013.03.001
Fringland Ltd. (2013). About Fring. Retrieved from http://m.fring.com/about
South University. (2013). The social media issue: Healthcare professionals and social networking. Retrieved from http://source.southuniversity.edu/healthcare-professionals-and-social-networking-33211.aspx
TangoMe Inc. (2013).Welcome: What is tango? Retrieved from http://www.tango.me/how-to-tango/
Vine Labs Inc. (2013). Social networking: Vine description. Retrieved from https://itunes.apple.com/us/app/vine/id592447445?mt=8

Advertisements