There’s no doubt that social media has become a significant part of everyday life, with users of all ages taking to it. It has also been incorporated more into workplace culture. Companies sometimes encourage employees to promote brands on social media.
For nurses, social media can be advantageous in several ways. It provides nurses with a forum to:
- Connect with the community
- Share health tips
- Attract new patients
- Announce new services offered
- Update the community on critical topics, such as COVID-19
However, nurses run the risk of potential HIPAA violations when posting to social media. An advanced degree in nursing can equip students with knowledge to utilize social media and technology without violating patient rights.
Keeping up With Change
When the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, social media was nonexistent. Smartphones came much later. Those who wrote the HIPAA parameters had no idea how the patient privacy landscape would change in the decades that followed.
The goal is HIPAA-compliant social media use among entities covered by the act, their business associates and employees. The following represent various ways nurses can avoid a HIPAA violation based on social media.
Best Practices for HIPAA Compliance
1)Maintain Complete Anonymity
At the heart of HIPAA is patient privacy. It’s unlikely that nurses would intentionally reveal a patient’s identity in a social media post, but they need to be hyper-aware of the type of information they’re sharing to avoid “oops” moments that can cost them their job or even their license.
The National Council of State Boards of Nursing (NCSBN) provides an example in its handbook, “A Nurse’s Guide to the Use of Social Media.” A young nurse requested permission to take a photo of her young leukemia patient. She wanted to publicly express why she was so proud to be a nurse. Unfortunately, she inadvertently left the patient’s room number visible in the photo, and the hospital was charged with a HIPAA violation.
The rule of thumb should be to avoid sharing any detail that could lead to patient identification, such as name, nickname, condition/diagnosis or room number.
2) Obtain Valid Consent
In the above example, the nurse did request permission from the patient, which is the right thing to do. It is important to note that nurses should always get written consent from their patients if they intend to share on social media. That consent needs to be from patients themselves, not a relative, partner/spouse or friend.
3) Adhere to Social Media Policies
Every healthcare institution must have a clear social media policy in place, with regular review and updates as social media continues to evolve. Periodic dissemination of the policy to all staff — from reception and back-office staff to nurses and C-suite executives – is crucial. Ideally, nurses should receive training on the policy before they start working for a healthcare facility.
4) Understand the Permanence of Social Media
A common misunderstanding is that deleting a post means there is no harm done. Even if a post is up for mere seconds and then removed, it still existed online. Beyond screenshots captured in the brief moments a questionable post is up, it has a trackable digital footprint. Per NCSBN’s guide, “The moment something is posted, it lives on a server that can always be discoverable in a court of law.”
An additional note: Even if you’re sharing posts within a private group, you would still be breaking the law if the post or any comments contained HIPAA-violating information.
5) Use Professional Devices, Not Personal Ones
While some social media policies may allow nurses to record video or take photos on their personal devices, NCSBN says it’s best to stick to employer-provided devices. This also helps preserve the professional boundaries nurses should already be maintaining with their patients. Any online contact or communication should never blur the lines between professional and personal.
6) Keep Thoughts to Yourself
HIPAA violations don’t just occur when a nurse posts something of their own accord. Comments and replies to someone else’s post, chat room gossip (even if it’s a private room) or leaving a review on a site like Yelp opens the door for potential HIPAA violations. The best advice is to keep thoughts about your patients to yourself.
7) Always Err on the Side of Caution
It can be tempting to share patient success stories or professional wins, but it is not worth risking a violation — and ultimately your career. Nurses are routinely fired for flouting HIPAA’s parameters, even if it was completely unintentional. That mark on your record can sully your career for the long term. In some cases, nurses have lost their license and even faced criminal charges. So, before you post or share anything, ask yourself: Is this really worth it?
Stay HIPAA-Mindful Always
Nurses learn about the importance of HIPAA throughout their education and training. They must consider every principle that applies to their daily patient care responsibilities, such as maintaining electronic health records or disclosing details to the appropriate people, when sharing social media posts. By keeping these best practices in mind every time you’re about to hit “post,” you’re safeguarding yourself and your employer from potential legal action.