HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Social media HIPAA violations: Citadel Winston-Salem and Tiktok

Written by Farah Amod | Nov 27, 2024 3:06:22 AM

A nurse’s TikTok videos joking about mistreating patients led to a suspension and sparked debate about professionalism and social media use in healthcare.

 

The situation

In June 2021, Kelly Morris, a former nurse at Citadel Winston-Salem, faced suspension after her employer reviewed her TikTok account. Morris, known online as ‘BubbleGumKelz,’ posted videos that included jokes about mistreating patients. The videos, which she described as comedy skits, prompted concern from viewers and led to disciplinary action from her employer.

Morris defended her actions, stating, "The only thing hurt in my TikTok videos were people's feelings. All my videos are comedy skits... No one was ever harmed, and I treat all my patients with great care." However, Citadel Winston-Salem’s parent company, Accordius Health, issued a statement stressing that Morris’s actions violated their core values and that any form of resident abuse—real or implied—is not tolerated.

The company reported her actions to relevant state and federal agencies, reiterating its commitment to resident safety and professionalism.

 

What rules were violated

While Morris did not disclose patient information in her videos, her behavior shows how healthcare workers’ online conduct can still intersect with HIPAA. Ensuring patient trust is a core aspect of HIPAA’s focus on patient confidentiality. Even when specific patient details are not shared, content that raises concerns about professionalism could indirectly impact the organization’s ability to meet HIPAA’s broader objectives of safeguarding patient well-being.

Accordius Health addressed this in their statement: “Misuse and unprofessional use of social media platforms by employees violates our core values and is not tolerated.” While her actions may not constitute a direct HIPAA violation, they risk eroding the trust needed for patient care and organizational credibility.

Related: HIPAA and social media rules 

 

How companies can avoid violations in the future

To prevent incidents like this and ensure alignment with both HIPAA and internal policies, healthcare providers can take actionable steps:

  • Reinforce professionalism: Develop and communicate social media guidelines that explicitly prohibit unprofessional conduct, even if it does not involve patient information.
  • Offer targeted training: Conduct training programs that provide clear examples of how social media activity can reflect on the organization’s reputation and professional ethics.
  • Monitor social media presence: Establish systems to review employees’ public posts, balancing respect for privacy and proactive risk prevention.
  • Promote internal support systems: Create safe and confidential channels for staff to share stress or frustrations without resorting to public platforms.
  • Respond swiftly and transparently: Address violations promptly. Provide clear explanations for actions taken to reassure patients and maintain public trust.

As Accordius Health stated, “We are grateful for the global healthcare team that protects the elderly with pride in our profession.” Upholding this pride requires healthcare workers to ensure their online behavior reflects their dedication to patient care.

 

FAQs

Can healthcare organizations use social media to share patient success stories or testimonials?

Healthcare organizations can share patient success stories or testimonials on social media with patient consent. Ensure that the information shared is de-identified to protect patient privacy. 

 

Is de-identified healthcare information subject to HIPAA restrictions?

De-identified healthcare information that cannot be linked to an individual is not subject to HIPAA restrictions. Healthcare professionals should ensure that any information shared on social media has been properly de-identified to protect patient confidentiality. 

 

Can healthcare professionals respond to patient inquiries or comments on social media without violating HIPAA?

Healthcare professionals can respond to general inquiries or comments on social media if they do not disclose any patient-specific information. Responses should be general and avoid discussing individual cases or revealing PHI, even inadvertently.

Related: How to stay HIPAA compliant on social media
View full post