Practice/Patient Privacy Policies Can Prevent Financial, Reputational Or Other Harm
Dental assistant, phlebotomist, hygienist, front office…any other practice employee is new on the job. They are excited and want to share their new position with their social media network. They snap a selfie or two to share the moment, then send it off to Facebook, Instagram, Twitter and Snapchat, with the click of a button, in just seconds. Problem?
Perhaps this is not a new employee. Maybe they’ve been with you quite a while, part of the “family”…through ups and downs – lately, mostly downs – had a challenging time at home last night, and are feeling a tad frustrated right about now. He/she picks up their smart phone, puts on their best “exasperated” face, snaps a selfie, and captions it with a summary of their frustrated state of mind, off it goes to the interweb. Not a problem, right!?
How about this… end of another great day at work. Back office had a great day of production, met a team goal, and bonus is on the horizon. “Let’s all huddle together for a group photo and sharing the love with a few thousand of our best friends online”!? More “likes”, “follows” on our Insta and Facebook page(s)! So much awesome!
Okay…pump the brakes!!
Now, let’s think about…HIPAA
On its own, a work selfie may amount to bad judgment and a violation of your company’s cell phone policy.
But, what if there happens to be protected health information in the background…a patient in the operatory? Is there a open nurse kiosk screen in the background? What about a patient’s name placard on a door? Or a rounding white board with patient status or surgery information? When your employees are excited or frustrated, are they more or less likely to notice these items as HIPAA hazards?
HIPAA isn’t the only risk. Selfies that incorporate patients can violate privacy laws. Also, in nursing facilities, CMS considers photos or videos of residents that are demeaning or humiliating to be abuse. While it is less likely and more extreme for selfies to include abusive context (which typically require intentional conduct), it DOES happen, more than you might think!
In July 2016, a paramedic team was arrested and faced criminal charges after they engaged in a selfie “war” by text. They competed to take the most shocking pictures of themselves with patients in compromising positions. We’ve all seen this on You Tube, Facebook, etc.
Now…what you can do?
Confronting the force of social media can seem taunting, but providers have had great success with social media compliance culture campaigns. Employees must understand that their phone might be their personal property, but HIPAA privacy laws and abuse laws apply when they use it at work.
Staff needs to be mindful of their surroundings and background if they are using their phones at work (and, of course, if this is permitted under your policies). Remind them that taking, with some very limited exceptions, a picture of a patient is never okay – even if the patient is in the background. This sounds obvious, but countless employees have made headlines by inadvertently making this mistake. Additionally, even taking a picture with the patient’s “Sure” as an approval can get you in hot water!! You MUST always…ALWAYS secure and retain a patient’s WRITTEN release to post ANY images with their likeness!
Educate employees and create a policy that informs your entire staff that inappropriate photos can violate privacy laws, constitute abuse, and lead to license discipline, criminal charges and lawsuits. Make sure they understand what’s at risk!
Finally, make the message pervasive. Not just at hire and once a year. ProPublica has posted 65 examples of inappropriate social media posts by nursing home staff since 2017. In many of the examples, the home had a social media policy. Social media use is rampant. Your social media compliance campaign should be, too!
If your medical/dental practice hasn’t created a social media/HIPAA compliance policy #weshouldtalk