Can I Tweet This? Social Media and HIPAA Violations

If a patient disclosed private information, would you tweet about it? Probably not. But posting a selfie at work is harmless, right? 

Unfortunately, HIPAA violations on social media aren’t uncommon. And violators may not even know they’re posting something inappropriate. But a careless post could be costly, ranging from $100–$50,000 per incident. 

For this reason, healthcare instructors must teach their students to stay HIPAA compliant —especially on social media. 

Download your free copy of 5 Tools to Take the Headache out of HIPAA Training

Common HIPAA Violations on Social Media

Social media platforms such as Facebook, Twitter, Reddit, and Snapchat provide an easy way to communicate. But students need to remember their professional obligations when connecting with others and posting online. Even a small violation could be devastating to a health professional’s career. 

The website Clinical Advisor shared an RN’s story violating HIPAA laws. The nurse was fired after posting about a toddler with measles in a private Facebook group. While the patient’s name wasn’t shared in the post, the nurse’s place of employment was listed on her profile. The patient was identified and the nurse was fired for a HIPAA violation. 

Because students are held to the same standard as licensed professionals, they must be aware of relevant privacy laws and standards on social media. After all, you wouldn’t want one of your student’s careers to end before it even started. To help your program avoid disaster, HIPAA Journal created a list of common social media HIPAA violations:

• Posting of images and videos of patients without written consent.
• Posting of gossip about patients (even if a name is not disclosed).
• Posting of any information that could allow an individual to be identified.
• Sharing of photographs or images taken inside a healthcare facility in which patients or PHI are visible.
• Sharing of photos, videos, or text on social media platforms within a private group.

Avoid Sticky Situations

Now that you know what HIPAA violations on social media look like, how can they be avoided? Here are 5 guidelines to teach your students:

Extend Your Existing HIPAA Policies to Social Media

Apply the same HIPAA guidelines learned in the classroom to social media. If you wouldn’t say it in public, don’t post it on social media.

Avoid Sharing Detailed Information

HIPAA violations can occur even if a name isn’t disclosed. Leave out any biographical information and identifying details when posting. 

Watch Your Images

A patient or their files in the background of a selfie could lead to serious trouble. Do a thorough scan of an image’s background before uploading it. 

Don’t Vent Online

While you’re bound to work with a frustrating patient from time to time, posting about it can lead to serious consequences. Find an outlet other than social media to voice your frustrations. 

Don’t Send Messages With Private Information

Facebook messages aren’t encrypted. Once again, if you wouldn’t say it in public, don’t send a private message. If you need to send a message with patient information, use a system that includes a patient portal. 

Remember that the second something is posted, it will always be discoverable on a server. Even the delete button can’t “take back” a post, comment, or photo. 

While HIPAA violations can (literally) be costly, they can also be avoided. Get your students into a new habit when they post on social media. Train them to make sure a post is compliant before uploading a selfie at work or ranting about a patient. Even if they’re just sending it to a friend or posting in a private group, a quick scan to make sure HIPAA laws aren’t being violated should become second nature. Because let’s be honest, no selfie or venting tweet is worth $50,000. 

If you’d like more ideas for teaching HIPPA rules, check out Teaching HIPAA Rules: 3 Keys to Success