Social media has taken the world by storm, but there are many instances when it has been used inappropriately to abuse privacy. Hospitals, especially, are in danger of this – the privacy levels required in a hospital are high and social media breaks down all barriers of privacy. Social websites like Facebook and Twitter, video websites like YouTube and even blogs have made it easy to pass on information, and since there is no one policing the information, boundaries are crossed easily. The HIPAA Security Rule can be easily broken. Social media security has become very important. Information Security policies are required for HIPAA risk requirements.
Imagine a situation where someone is ill and has to stay in the hospital for a few days. Or where someone is diagnosed with something that people treat as particularly embarrassing, or that holds the threat of death. All it takes is for one person to post a message or a picture taken in the hospital of the patient, and in minutes, the whole world will be able to access the information. If malicious things are said about this patient and they get to hear about it, it might harm their health further. A HIPAA security assessment would be required after such a data breach.
Hospital employees in particular need to be extra careful, because they can easily break the HIPAA Security Rules and get into legal trouble. Blogs where hospital employees meet are a great idea for them to discuss their work, but these same blogs can easily cross boundaries and find themselves discussing a particular patient. The hospital employee can be fired and sued. The hospital itself is in particular danger of being sued.
Social media has changed the way we communicate but we need to know when it’s appropriate and when it is not. In hospitals, in can be especially damaging if used in the wrong way. To stay out of trouble, hospitals need to have a clear policy on social media and how their employees use it and have consistent HIPAA risk assessments.