Ouch! Social media crashes into medical privacy rules
advertisement
September 2-8, 2011 Ouch! Social media crashes into medical privacy rules PUGET SOUND BUSINESS JOURNAL SEPTEMBER 2-8, 2011 By Elaine Porterfield CONTRIB UTING WRITER Think twice before posting Social media can boost a business in many ways. You can market yourself around the clock! You can connect with your customers wherever they are! PRIVACY | From But today’s powerful online 22 networks can cause high-tech headaches for hospitals and Danahomes L ew is, anbyinteractive marnursing bound the legal and ethical keting specialist Swedish Medical duty to safeguard theiratpatients’ privacy. Center, in Seattle, said her organizaIn a recent case that provoked public outrage, tion has adopted social for example, three staffinternet members atand Bremerton’s media policies “remind people Kitsap Health and that Rehabilitation Center were to think before they post anything fired after swapping by cellphone nude photos of residents of the nursing home as a joke. (The related to patient privacy.” facility has true since closed other reasons.)feel That’s even for if employees While protected that privacy someone’s invasion was privacy, obviously they’ve egregious, practices and guidelines for she said. the At Swedish, rule No. 1 is: using social media privacy in health care settings aren’t Respect patient online. always clear. “ T h is is t he golde n r u l e ,” s he After all, for isolated or ailing seniors — who often lack mobility — social media such as Facebook, YouTube and Twitter can bring the blessings of friend and family contact into their lives. Nearly every health care employee, along with the vast majority of the U.S. population, carries a phone that’s capable of at least snapping and sharing photos. And nearly half the population packs smartphones capable of full social media sharing. Strict federal law Yet health care facilities operate under the 15-year-old federal Health Insurance Portability and Accountability Act, known as HIPAA, which imposes strict rules to prevent disclosure of personal health information without patient authorization. When it comes to social media, many questions remain unanswered about how HIPAA applies. Are photos kept on someone’s private cellphone allowed? Does posting the photos to a blog or website make them public, and therefore forbidden? What about Facebook, in which users can limit, sort of, who accesses their personal page? Overall, it’s a brave new world for the health care industry when it comes to social media, before they post anything related to patient prisays Seattle attorney Sarah Swale, with the firm vacy.” said. “W hile may seem OK to talk the most of actions could Lane Powell, whoitfollows such issues. That’s trueinnocuous even if employees feel they’ve about anand interesting case if protected h a v e usomeone’s n f o r e s eprivacy, e n c oshe n ssaid. e q uAt e nSwedces, Twitter Facebook may seemonline old hat to you’re notbutment ioni he pat ient given how many users, in terms ofng the tlaw, ish,the rule law No. 1on is: social Respect media patient by me, you new, a ndand you r or and privacy theyna still are very there is privacy online. is in f lux. There ganization could be on, facing isn’t a perfect employee little case precedent to rely Swale a “This is the golden rule,” polshe HIPA A likely violation if take there are icsaid. y, a“While nd Swa le seem doesn’t be said. It’s going to several it may OK to talk enough a i ls iset n tofherulings post l ieve t here is a ny years for a det significant about an interesting casegener online ic if ftoo rclarify p a tlimits i e n t on s social t o r media e c o gpostnize version that will work all you’re not mentioning the for patient themselves.” hea lt h cyou a reandorga i z at ions , ings, photos sent by cellphones or by name, yournorganization Forkept those tempted to post given the untested ramificablogs by employees. could be facing a HIPAA violation something about the job that tions of are many actions “Though technology changes if there enough details in in the the Swale could y an individual, social quickly identif … the wheels of litigation post formedia. patients to recognize themLmove ew isslowly,” said,Swale “ Wesaid. encourage “ Fr iending ” a pat ient on “It’s difselves.” ficult to get ahead of it go because it is so new and Facebook, For those tempted to post something people to not even there. for example, couldabout be the an we“ don’t decisions yet on it.” that couldgesture identify an Lewis said, Takehave a deep breath – there are job amicable —individual, or an illegal disIn last year’s widely reportedyourself,” Bremerton case, encourage people to not even go there. other outlets to express she “We closure of a patient’s condition. Kitsap County prosecutors did not file criminal “Take a deep are other said. “Once you breath friend– there a patient on outlets Facecharges, statev iDepartment express sheAsaid. I n S but w athe l e ’s e w, t h e ofSSocial w e d iand s h to book, is yourself,” it a HIPA violation? ” Swale investigation after asked. In Swale’s view,an theissue, Swedish guidelines are gHealth u idelServices i nes aconducted re app an rop r iat e. E ven “That’s a big issue.” the son of an 81-year-old dementia patient dis- appropriate. Even the most innocuous of actions covered that his mother’s photo had been shared could have unforeseen consequences, given how by nurse aides and a licensed practical nurse. the law on social media and privacy is in flux. There isn’t a perfect employee policy, and Swale doesn’t believe there is any generic version that Facebook firings The Bremerton case is not unique. Last year will work for all health care organizations, given in California, a hospital fired five employees and the untested ramifications of many actions in the disciplined another for posting what it claimed social media. “Friending” a patient on Facebook, for were personal discussions about patients on Facebook. That sparked a labor dispute after example, could be an amicable gesture — or an the nurses contended they posted no specific illegal disclosure of a patient’s condition. “Once you friend a patient on Facebook, is details about patients that would have violated it a HIPAA violation?” Swale asked. “That’s an anyone’s privacy. In another, more startling case, a man was issue, a big issue.” Even a seemingly warm gesture such as brought to a Southern California hospital in 2010 after a stabbing attack by a fellow nurs- posting a picture of a nursing home resident’s ing home resident. There, employees (along birthday party on an employee’s Facebook page with some firefighters) took pictures of him could, she said, be problematic. These privacy concerns can put a damper as he lay dying, and some of those who were involved posted those photos on Facebook. not just on digital socializing, but on the ability Three of the hospital employees ended up los- of a health care business to use social media to tout good news. For example, doctors at a ing their jobs. Locally, health care providers are trying to hospital may have to be careful about citing their patients when blogging about advances stay ahead of the curve. Dana Lewis, an interactive marketing spe- in care. “We have all these new questions and little cialist at Swedish Medical Center, in Seattle, said her organization has adopted internet and tiny answers coming out,” Swale said. “There’s social media policies that “remind people to think not enough to get a big picture.” Reprinted for web use with permission from the Puget Sound Business Journal. ©2011, all rights reserved. Reprinted by Scoop ReprintSource 1-800-767-3263. HE Ev such home empl said, Th damp ing, b busin good hosp citin abou “W and l Swal get a S
