HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Social media HIPAA violation series: Photo post

Written by Farah Amod | Nov 20, 2024 9:29:37 PM

A photo shared from a Tennessee operating room in October 2020 raised concerns about privacy and professionalism, prompting Ballad Health to take action.

 

The incident

In October 2020, a photo taken during a surgical procedure at Ballad Health in Johnson City, Tennessee, was posted on social media. The image featured surgeons wearing a racing helmet, aligning with the #WearYourHelmetToWork social media trend. While the patient’s identifiable features were not visible, the post drew widespread attention online.

Ballad Health quickly condemned the post, calling it “unacceptable” and breaching internal policies. In a statement, the organization clarified that while the photo did not violate the Health Insurance Portability and Accountability Act (HIPAA), it nonetheless fell short of the standards expected in a healthcare setting. “We are taking appropriate measures to address this directly with the care provider,” the statement said.

 

What rules were violated

Although HIPAA violations were avoided because no patient information or identifiable features were shared, the post breached Ballad Health’s internal policies. Healthcare organizations often have strict guidelines to ensure professionalism and maintain patient trust, even in cases where no identifiable information is revealed.

The lighthearted tone of the post, shared during a surgical procedure, undermined the seriousness of the medical environment and risked eroding public confidence. Actions like these can blur the boundaries of professionalism, as healthcare providers are expected to create a safe and respectful space for patients.

Related: HIPAA and social media rules 

 

How companies can protect privacy

To prevent incidents like this, healthcare organizations should:

  • Reinforce professionalism policies: Ensure employees understand how to maintain professionalism, particularly in sensitive areas like operating rooms.
  • Provide social media training: Educate staff about the potential consequences of sharing workplace photos or videos online, even if they don’t include patient identifiers.
  • Create clear boundaries: Implement specific guidelines about what types of content are acceptable to share on social media from the workplace, focusing on preserving trust and respect.
  • Foster accountability: Develop a system for monitoring and addressing social media use to ensure compliance with internal policies.

See also: Social media & HIPAA compliance: The ultimate guide

 

FAQs

Can healthcare organizations address patient queries on social media platforms?

Healthcare organizations should refrain from discussing specific patient health details on social media. Encourage patients to use secure communication channels or contact their healthcare provider directly for personalized inquiries. 

 

Is it acceptable to share general health tips and updates on social media?

Yes, sharing general health information is fine, but avoid examples that might inadvertently reveal patient-specific details. 

 

Can healthcare services be advertised on social media platforms?

Yes, but ensure advertisements avoid disclosing patient-specific details to comply with HIPAA guidelines.

See also: HIPAA Compliant Email: The Definitive Guide
View full post