(917) 508-0181 info@rodinlegal.com

Stephanie Rodin - Practitioners and Social Media: My Selfie could be a HIPAA Breach??Social media has become prevalent in every aspect of life. Given this, it is important that practitioners are careful about how they and their employees use social media so as not to violate any HIPAA regulations.

The obvious solution is to enforce a no cell phone use policy for employees. This will prevent any employee from taking photos, videos or using social media on their personal phone during work hours. However, this may not be practical.

A less strict alternative would be to strictly prohibit photographs and the taking of video in the office, including the waiting room, lunchroom and treatment rooms. By restricting the use of cell phones, a practice may avoid unintentional breaches by employees.

For example, an employee innocently takes a selfie and posts it on Instagram. However, they did not realize that it contains patient information or an actual patient in the background of the posted photo. This is a HIPAA violation.

Another potential issue is someone using social media who is known as an influencer. An influencer is someone who has a significant number of followers on social media platforms, who recommends or supports specific brands. If the influencer is associated with the practice on social media, then the practice may become associated with this recommendation that the influencer is backing.

Here is an example of why this type of scenario can be dangerous for the practice:

An employee of a practice is asked to be a spokesperson for a type of new medication and uses the hashtag for the practice in the advertisement. The medication ultimately is found to be damaging to patients and was not approved by the FDA. If anyone took the medication as result of the influencer and their association with the practice, and was damaged, the practice may be at risk of liability.  

It is important that practices inform their employees of the parameters of utilizing social media, as they can unintentionally open the practice to liability and a potential HIPAA breach.

In an attempt to avoid this liability, practitioners should implement a comprehensive social media policy and consider training their staff on what constitutes a HIPAA breach. This preparation will hopefully mitigate any social media problems for the practice in the future.

Stephanie J. Rodin, Esq.Stephanie J. Rodin, Esq.
Rodin Legal, P.C.
Email: info@rodinlegal.com
Tel: (917) 345-8972
Fax: (917) 591-4428