Archive for May, 2012
A much-touted HHS/OCR ruling regarding a small Arizona cardiology practice underscores the importance of strong compliance with HIPAA privacy and security regulations. As we mentioned in our recent post “Physicians & Social Media: Responsible Online Patient Interactions”, protection of ePHI is paramount when communicating with patients via mobile technology. Note that the HHS Resolution Agreement mentions text messaging specifically (pp. 8 & 9).
The Arizona practice failed in several key areas, not least in training its employees properly on privacy and security compliance. The patients paid the price of privacy infringement, and the practice has paid much more than the $100,000 penalty fee: its violations have been referenced in a multitude of online publications and short blogs for over a month now. For a small practice, such a blow to reputation can be devastating.
Healthcare organizations, and indeed any organization handling PHI, must ensure that the proper safeguards and vendor agreements are in place. HHS is paying attention to organizations of all sizes, not only the large health systems and insurance carriers.
Does your physician practice or medical clinic have a social media policy in place? Have your providers, and in fact the entire care and administrative staff, undergone training on appropriate use of social media as it relates to healthcare and patient interactions?
While many healthcare providers are eager to engage with their patients via technology and reap the benefits of a more interactive relationship, physicians (and clinical staff) need to understand what’s appropriate and where to draw the line when it comes to social media.
Social media and medical or health information are a combination that warrants caution and preparation. Recently released policy guidelines from the Federation of State Medical Boards (FSMB) provide more information about what needs to be secured, as well as examples of what is and isn’t appropriate to share (i.e., PHI) via social media. Additionally, a November 2011 ECRI supplement goes into detail about social media and other risk control issues.
The evidence, unfortunately, indicates that physicians regularly breach online professionalism standards, if not also restrictions around PHI (according to a recent Robert Wood Johnson Foundation and FSMB study). In fact, 92% of state medical boards report they’ve received notifications of online professionalism violations.
Before you post information about a patient or interact with them on Facebook or other online outlets, stop.
- Is the discussion / exchange occurring on a network or smart phone that is compliant with HIPAA and HITECH privacy and security standards?
- Do your staff and providers thoroughly understand your organization’s social media policy?
The world of social media broadens our horizons and helps us to connect more spontaneously. It can benefit you, your patients and your practice if done correctly, respectfully and securely.