HIPAA and Social Media

Good morning, everyone. My name is Ryan. I am one of the quality improvement nurses here at Health Carousel, and I'm joined by my colleague, Ashton.

Hello, everybody.

And so today, we wanted to just take a few minutes to talk to everyone about HIPAA and privacy protection, policies that apply to US health care, in the and the use of social media. So today's goals, right, the objectives for today are to describe HIPAA, the privacy rules and regulations that go with it, identify patients' rights and your role as the health care professional, in protecting them, discuss health care professionals' responsibilities as it pertains to HIPAA, and then explain the penalties for noncompliance, when it comes to adhering to the HIPAA rules and regulations. And so patient privacy is not just a policy. It's a shared responsibility for all health care professionals, and we must respect every patient's right to privacy. And so it's important to know your facility's policies as it pertains to this, but then also, the national regulations related to HIPAA, and and sensitive patient information.

And so I'm gonna kick it over to Ashton who has some key definitions and things, to review, first.

Yeah. Thanks, Ray. And so some some definitions that you'll hear today during this, review is what is HIPAA. Right? So it actually stands for Health Insurance Portability and Accountability Act. So that was created in nineteen ninety six and is a federal law here in the US. So it protects patients' health information.

So it limits how we use and share patient information, gives patients more control over their information, protects the integrity, availability, and confidentiality of patient information, and just overall defines violation penalties. And so the the next definition that you'll probably hear today is patient confidentiality. So patient confidentiality is the legal and ethical obligation of health care providers to keep a patient's personal health information private and secure.

And so in that definition, you heard patient personal health information. Right? So PHI, protected health information.

Any identifiable health data is considered PHI. And so these definitions, are from the foundation of HIPAA compliance. So definitely words and, definitions to know before getting here to the US.

And so, Ryan, what is HIPAA and what does it protect?

So, HIPAA, you know, is really important. Right? It is a, like I said, nationally recognized, you know, set of boundaries. Right?

It's it's there to ensure patient safety. And so it helps to protect the the individually identifiable health information of patients. Right? It applies to written, verbal, electronic forms, and it provides special, protections for HIV patients, substance abuse patients, as well as any of those psychotherapy notes, that are included.

Examples additional examples of protected information include names, addresses, relatives' names, Social Security numbers, medical record numbers, emails, IP addresses. Really, any patient information that is found within their chart, right, if it's in the chart, it's protected information, under the HIPAA rules. And so HIPAA also grants patients the right to be provided with a notice of privacy practices that describes how their information is used and how it is shared.

It also, you know, allows them to review and obtain copies of their personal medical and financial records, submit requests for corrections to their private information, if information is incorrect. And then finally, it allows the patients to be notified if their information has been involved in a breach of security, or confidentiality.

Yeah.

And so Oh, go ahead.

Sorry. No. I was just gonna say it reminds me of, like, on the patient side of things. So, like, every year when I get my physical, I also always sign that notice of privacy practices at the doctor's office. Right? Because as the patient, that's our way of acknowledging the control that we have. And so it's kind of on both sides of things, the the health care provider side and the knowledge of HIPAA, but also on the patient side as well.

No. It's a great point. It it is, every patient is made aware of their rights, but also, the rules and everything related to HIPAA, pretty much at every in any, encounter in in health care. So, how can you I guess, Ashton, kind of talking on the confidential side, how can you determine if it's confidential information?

Right. So great question.

And so, honestly, the easiest thing to do is kinda think about, did I learn this through caring for a patient? If the answer is yes, then it's confidential, and you should only share that with those who need that information. So it's a need to know basis. This applies to coworkers or family members. Those records should never be accessed without authorization from that patient.

And so, again, asking yourself, did I learn this information through caring for a patient?

Only share information with those, that is a need to know basis. Right? So with other faculty or staff that needs the information to do their job. And so avoiding accessing patient records unless you need to.

Right? So say you are you know, your coworker is having a really tough shift because of a patient, and they are kind of venting to you. That's not necessary for you to go in their chart and learn more about the patient. Right?

Because you're not caring for that patient. It has nothing to do with your job. Right? So no need to go into that patient's chart.

You are also not allowed to look at your own patient chart.

You are not allowed to look at other coworkers' charts, family members, friends. You know? Again, strictly only go in charts of patients you have direct care over. That's what's important to remember.

Perfect. Yeah. I mean, it's it's super easy to to, you know, encounter situations where you may want to know something, but you need to ask yourself, is it need to know? Right? Is it something that is my responsibility as a health care professional to know or or to act on?

Exactly.

Then that is confidential, and you you should not be accessing that information.

Yeah. It's only natural to be curious. Right? But you gotta lock in that curiosity and remember, you know, you are a professional and these patients are trusting you with very personal information. So you need to take that seriously.

Yeah. So, again, you know, those responsibilities of health care professionals, right, apply to a lot of different environments. Right? There are different things to keep in mind depending on where you're practicing or, you know, whether you're in the patient's room, nurses' station. And so, you know, kind of just kicking it off there. Right? Some some good things to keep in mind that you can ensure that you do on your end as a health care professional, right, are, you know, ensuring that, you know, you're closing the door after entering the room if if that's, you know, okay with the patient, if there are, you know, things that need to be discussed or or information being passed between you and the patient that maybe that they are uncomfortable with other people knowing or hearing.

You know, ask visitors to leave the room unless the patient requests for them to stay. Right? Obtaining that patient consent for visitors, family members, friends, whoever may be in the room with you to hear those conversations.

You know, speak softly if they have a roommate. Some patient care environments maybe only have patients separated by a curtain. They may be sharing a room. It could be two patients in a room together. So it's, you know, important to be mindful, and kind of demonstrate that courtesy to your patients when having conversations.

And then don't leave your your documentation, right, if you're carrying care plans around with you, charts, imaging. Don't leave them unattended and laying in ClearView.

Yep. Absolutely. And you know, in addition to the patient's room, you'll also be around the nursing station. Right?

And so in this specific area, again, you don't wanna leave patient information, you know, flow sheets, charts, sticky notes, little notes to yourself or reminders, lab reports, anything like that. You know, again, face up, easily viewable. You know, you wanna make sure that you put those back where they belong or you shred them. Right?

So, typically, on all units, there is a specific kind of I guess we can call it a trash can, but it's specific for PHI that an outside company will come pick up those documents and actually shred it like a massive shredder for the entire, hospital. So make sure that you're not just throwing it in the normal garbage can, because those things do need to be shredded and disposed of properly.

Again, speak softly. Right? The nursing station is a very public area on the unit, And so you do want to discuss patient care, in, you know, a soft tone. Right?

And so, again, if it's best to use a private area, but especially if that's kind of where the phones are located and you're trying to talk to a provider or a doctor to get orders, again, just don't don't yell about it. Don't raise your voice.

And so and, again, just don't have your personal phones out. I know a lot of times maybe, you know, we see something interesting that we wanna remember. Right?

Maybe we wanna take a picture of it or a video or want to, you know, just, honestly, just take a cute selfie with your coworkers. Right? The last thing you wanna do is have patient information in the background. Right?

Whether that be a chart that's open on the computer, even a patient walking by, family members walking by. Right? You just we can't have that. You can't risk it.

And so just it's best to keep your phone, in the in the locker room, in the break room, you know, wherever the team keeps their, you know, personal belongings, just don't even have it out on the unit just to be safe.

No. That's that's a great point. I think it's a great segue, know, really into to some of the other environments and things to keep in mind to ensure that patient confidentiality remains intact and, you know, computer screens. Right?

It goes away from just the physical documents of of care. Right? Yeah. I know you mentioned the shredder before, and that doesn't apply to electronics.

So it's it's good to to keep those things in mind. And so much of the care that we do is done through either computers.

They even have mobile charting devices now. So a lot of hospitals will have, their own phones for nurses to carry and communicate with one another, take pictures to put into charts. Right? So it's important to always just ensure that you're keeping the confidentiality aspect in mind when using those devices also.

Right? So, have the screen facing away from public view. Right? So it's not visible, you know, to patients, to visitors, unauthorized people around the hospital environment.

Right? Always ensure you're logging out of any of those, charts or or devices when you're not using them so nobody has access and access under your account.

Change your passwords frequently. A lot of facilities will have their, password policies implemented, and and reminders will come out from their IT teams. But, you know, keep those passwords changed and updated.

And then finally, right, don't share your login information. Right? You should never log in to somebody else's, charting account. Right? You should never allow anybody to utilize or access your charting account. Right? Always always ensure that, you're not sharing that information with any colleagues or peers.

You're responsible for what is, done under your login.

Yeah. Super important.

Yeah. So tell us a little bit about, like, emails because I know that that those get utilized a lot, for work emails within the hospital.

Yeah. For sure. For sure. And so, you know, the emails are typically used, obviously, from communication from the hospital system, from your manager or other leaders. And so you always wanna use protected encrypted emails, which all facilities do have.

So when you are working in the hospital, you should get a specific hospital email. Right? And so that's the email that you would wanna use if you do need to send, emails related to work. Never use the PHI in email attachments or in the email itself, just because emails can easily be sent to the wrong person. Right?

Totally innocent mistake, but it does happen.

And then emails, you know, do not ensure privacy of information that is transmitted. Right? So technology is a blessing and a curse at the same time. So it definitely you just be cautious and aware of what you're sending. And so in relation to email, Rai, let's talk about other technology and social media.

Yeah. I mean, talk about hitting the segues. Right? And so talk about another blessing and a curse as well. Right? The the social media and technology, right, in today's day and age.

You mentioned it before, you know, personal phones, tablets.

It's easy just to have them on you, have that just newfound desire to just snap a selfie, post a TikTok video, you know, it's extremely important to to avoid that, really. A lot of facilities will have you sign their, you know, handbook policy, which will include the use of personal electronic devices in the workplace. So that's always just an area that I just advise all the nurses I talk to to avoid. Right?

It's it's just easiest to put that phone somewhere in a break area in the locker room where you won't have that temptation. You won't feel the messages coming through in your pocket, and and you won't, you know, take that step too far. A lot of times nurses do it, and they don't even realize it. And and use of you know, just posting, you know, videos to social media, photos.

So it's important that we, you know, avoid that so that you don't post private information or discuss patients, on those web based platforms. And that even then carries outside of work as well. Right? When you go home, you may, you know, kind of have that instinct to, you know, post a recap onto social media or talk about your day or, you know, events.

And so it's extremely important that you're aware and just understand that you're responsible for those things that you put out onto social media. And we would never want you to get into a situation where the HIPAA rules are violated in those web based chat rooms and social media such as TikTok, Facebook, Twitter, Instagram, or any of those other ones that I'm unfamiliar with. But it's just extremely information, extremely important to protect that information. And so we we reflect a lot on selfies because, I've seen it with people I've worked with.

I've seen it with nurses that we've worked with where they take a selfie at work. Right? And they they thought that it was okay. It's harmless, but maybe in the background, there was, you know, a chart.

It could be the the bed board, right, with the bed assignments.

That includes patient names, patient information. You never know, you know, what's in the background potentially if you're if you're trying to take one of those photos. And so it's just extremely important to avoid, you know, the social media mixing with the work life. But I didn't know if you had anything additional you wanted to kind of tack on there, because I know that's a big part of this conversation as well and is continuing to grow, into into a a bigger focus and topic when it comes to HIPAA, policy and and procedure.

Yeah. The only thing I wanted to add was, you know and with our nurses being away from home. Right? A lot of times, they're away from their countries, and they want to, you know you know sometimes the only time you guys have conversations with those at home is during your your shift. Right? And so sometimes we get the urge to, you know, video chat.

Very similar in terms of, you know, the selfies. You, one, shouldn't be video chatting, you know, at work, during your shift unless you're on break. Right? So you shouldn't even be on the unit.

You should be in the break room, something like that. But just, again, be very, very aware of what is in the background, and, you know, remain remain professional. And so I think that's why we keep referring back to, like, just keep the phone in the break room. Right?

There's really no necessary need to have your phone on you when you're on the unit working. Right? The hospital provides everything that you should need, and so your phone should be kept, you know, in a private area where you can refer to it on your breaks.

And so, you know, I know you kind of alluded a little bit to it, Rai, about, you know, when they go home. Right? And so even after you're not on shift, right, you are going home. You stopped at maybe the grocery store on the way home.

Right? You just never maybe you're talking on the phone with a nurse you worked with. You know, you never want to mention the patient's private information in public. Right?

People are walking by, watching you, you know, just listening, you know, minding their own business, but they they overhear. Right? And so you just never know who's gonna be walking by. They could potentially even know that person you're talking about.

Right? You don't know. And so just, again, never carry, you know, the PHI documents, anything from the hospital home with you. And so, again, like the shredders we talked about, you know, make sure you are not taking anything related to a patient, home with you.

There's no need. Right? And so just make sure you are doing the best you can to keep that private information private.

And so, you know, as we wrap up here today, you know, here are those those key takeaways. Right? Of all the things we've talked about, just remember these, you know, and then you're here you should be good to go. So always treat a patient information as confidential. Right? Only access or share if that's part of the job you need to do.

Posting about work or patients on social media can violate HIPAA and put your career at risk. So HIPAA violations can lead to termination, fines, or loss of your nursing license or other forms of, you know, reprimand based on the board of nursing's kind of decisions on that investigation. So, again, super crucial thing to be aware of and to follow.

It is conversations that Ryan and I don't enjoy having with our nurses when we have to. But, again, it's completely in your control. Right? So, again, be aware of what you're doing, what you're seeing, and do the best you can to, again, keep your patient's information private because I know as a patient, I would want that. So you should be giving your patients the same courtesy.

Anything you wanted to add, Rai?

No. No. Those, yeah, the the last one. Right? You've worked so hard to get to where you are in your career.

You know, taking on that responsibility to care for patients is huge in itself. But, you know, this is something that, unfortunately, I've seen, multiple nurses trip up on, and it it is unfortunate when it occurs. So it's if you know, again, if you take anything away, right, it's it's it's a big responsibility to to care for patients for them to, you know, be vulnerable and and and allow access into their lives.

And so take that and and, you know, kinda carry that that weight on your shoulders, right, as the nurse.

Respect them and, you know, protect your license at the end of the day. Right? It is something that is taken very serious by every board of nursing. And, unfortunately, you know, those trips that can you know, have I've seen can, you know, ultimately lead to, you know, action being taken against that license you've worked so hard, to keep and maintain.

Absolutely. Yeah. It just why risk it? Right? Do the best you can to keep that information private, and you should you should be all good. You know?

All good.

Alright. Well, thank you guys for joining us today for this segment, and, we'll hand it back over to the team.

‍