
Social Media’s Effect on HIPAA Privacy and Security

onlinetech

Updates and Implications on Understanding, Policy, Compliance and Enforcement

Technology has enabled many organizations in the healthcare industry to provide safe and quality care while allowing accessible use and sharing of medical data. However, it has not come without the risk of medical information being used inappropriately.

The HIPAA Privacy and Security Rules ensure protected health information (PHI) is kept safe, secure, accessible, and available for those who have the authorization and a valid need to access it. Enforcement of the Rules comes in many forms including the possibility of enduring an OCR audit, either random or complaint-initiated, and the potential for civil monetary penalties, criminal penalties, and/or a publicly-posted settlement agreement.

The importance of compliance with regard to social media is the focus of this informative blog. The Final HIPAA Privacy and Security Rules, which went into effect on March 26th of this year, include stricter rules for data breaches of unsecured PHI. The compliance date of September 23rd of this year is quickly approaching.

When it comes to providing up to date information for large populations of patients, social media may prove to be an excellent tool. Social media is defined as a technological platform including services used by individuals to communicate and share information. Social media supports availability in many forms such as social networking, blogs, internet forums, video and picture sharing, and group interest sites to name a few.

A Pew Research Center survey of individuals reported that the most-used social media platforms are Facebook at 67%, Twitter at 16%, and Instagram at 13%. Facebook is the most popular social media instrument, with 6,930,053 views in the month of April 2013, compared to Tumblr, which received 43,956 views.

According to Schmitt, Sims-Giddens, and Booth, “Social media is more than an emerging technology platform or cultural trend, but a method of communication that is changing the way individuals and organizations throughout the world transmit and receive information. The meaning and value of social media continue to be debated among business leaders, computer science scholars, educators, and users.”

Social media has a negative connotation when it comes to information being shared inappropriately by nurses, or other clinicians, on their personal social media outlet such as Facebook. The ease of publishing significant amounts of written, pictorial, or audio information in seconds, from a portable location, and while on the job provides the capability to violate policies, laws, and patient ethics instantly and from anywhere. While the potential for misuse is significant, and evidence is available to support those fears, not all social media use in healthcare is bad.

The following are positive examples of social media use from a survey performed by the American Academy of Facial Plastic and Reconstructive Surgery in Alexandria, VA. The survey reported that in 2011, 42% of patients obtained plastic surgery information via social media, which is an increase from 29% in 2010.

In addition, physicians shared the fact that patients were knowledgeable and more educated about plastic surgery because of the availability of information online. Social media has also been received positively as a component of nursing education curriculum. Technology has provided students with options for learning away from the traditional classroom setting. This technology has also helped job seekers connect without expending much effort through LinkedIn.

Jobrary is another technological advance that can be shared via social media easily for job seekers as an online creative resume and portfolio of work. Social media has also facilitated the sharing of scholarly works through online solutions. A good example is Mendeley which provides secure organization for articles and sharing while remaining free of charge.

However, there is significant and consistently-appearing evidence depicting the negative side of this sharing technology. On August 17th last year, Dale Munroe, a former Florida Hospital employee, was accused of retrieving and selling patient information. According to the Federal Bureau of Investigation, “ORLANDO—U.S. District Judge Roy B. Dalton, Jr. today sentenced Dale Munroe, II to 12 months and one day in federal prison for his role in stealing the information of Florida Hospital patients. As part of his sentence, Munroe was also ordered to serve a two-year term of supervised release. Munroe pleaded guilty on October 22, 2011.” This is a clear example of a violation of both the HIPAA Privacy and Security Rules, as well as the organization’s workforce security awareness and training.

While this example includes criminal penalties, Civil Monetary Penalties (CMPs) and settlement agreements are more common. The Final Omnibus Rule includes increased fines for violations including the first category that should get the attention of many healthcare organizations, “Did not know.” This category can still transfer significant liability to a healthcare provider for the actions of their employees, or other members of the workforce.

| Violation Type | Each Violation | Repeat Violations/Year |
|---|---|---|
| Did not know | $100-$50,000 | $1,500,000 |
| Reasonable Cause | $1,000-$50,000 | $1,500,000 |
| Willful Neglect-Corrected | $10,000-$50,000 | $1,500,000 |
| Willful Neglect-Not Corrected | $50,000 | $1,500,000 |

More damaging than the CMPs in this table are the settlement agreements, which need not necessarily adhere to this fine structure, the significant cost of responding to a breach or an investigation by the OCR, and the negative impact to the reputation of the organization.

According to the Ponemon Institute (2011) the average cost of compliance was between $446,000 and $16 million per organization. However, the cost of not complying was projected significantly higher at between $4.4 million and $28 million due to loss of revenue from decreased productivity, damage to the organization’s reputation, loss of current and future customers, and legal costs.

Just last year, Linda Sanches, Senior Advisor, Health Information Privacy said that many organizations have not done their due diligence towards compliance. Now we have the upcoming Final Omnibus Rule compliance date looming on September 23rd, 2013, and promises of increased awareness, training, and enforcement.

What should be done? Your organization needs to begin the process sooner rather than later, and address a real, emerging, and quickly expanding threat. Designate a team to investigate the use, options, controls, enforcement, and audits that can be put into place to reduce your risk, and potentially increase revenue and patient satisfaction. Incorporate corporate culture and keep an eye ever focused on regulatory requirements including both HIPAA and stricter state-based laws such as those in California and Texas.

Short of collecting personal devices at the door or by the timeclock, and blocking all communications with social media sites, the problem will be impossible to eliminate. Ensure that policies, supporting procedures, workforce training, personnel management, technical controls, and random auditing are all a part of your organization’s solution to this growing opportunity.

Involve departments like Marketing, Foundation, and Human Resources to identify how social media is already being used, or desired to support business purposes. Remember that all of the members of your workforce are human beings, and that absolutes are rarely adhered to. Provide healthy, safe, secure and compliant options, clear direction, and reasonable and appropriate review of adherence, and the organization will be in the best position to manage risk.

– Rose Rienton MSN, BSN, CHP
Healthcare Practice Leader with RISC Management and Consulting
For more information please contact RISC Management and Consulting, www.RISCsecurity.com

Read our HIPAA Compliant Hosting white paper as it explores the impact of HITECH and HIPAA on data centers. It includes a description of a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria.

References:
Department of Health & Human Services. (2013). News release: WellPoint pays HHS $1.7 million for leaving information accessible over internet. Retrieved from http://www.hhs.gov/news/press/2013pres/07/20130711b.html

Federal Bureau of Investigation. (2013). Former Florida hospital employee sentenced to federal prison for data theft. Retrieved from http://www.fbi.gov/tampa/press-releases/2013/former-florida-hospital-employee-sentenced-to-federal-prison-for-data-theft

International Communications Research. (2012). American academy of facial and reconstructive surgery 2012 membership study. Retrieved from http://www.aafprs.org/wp-content/themes/aafprs/pdf/AAFPRS-2012-REPORT.pdf

National Institute of Standards and Technology. (NIST). Safeguarding health information: Building assurance through HIPAA security. Retrieved from http://www.nist.gov/itl/csd/hipaa-security-conference-2012-webcast.cfm

Office for Civil Rights. (2013). 2012 Audits of covered entity compliance with HIPAA Privacy, Security and Breach Notification Rules: Initial Analysis. Retrieved from http://www.ehcca.com/presentations/HIPAA21/sanches_1.pdf

Ponemon Institute. (2011). The true cost of compliance: A benchmark study of multinational organization. Retrieved from http://www.ponemon.org/library/the-true-cost-of-compliance-a-benchmark-study-of-multinational-organizations?s=true+cost+of+compliance

(HIPAA breach / shutterstock)
