
1 © 2011 Smith Moore Leatherwood LLP. ALL RIGHTS RESERVED.
Walking The Social Media Tightrope
Understanding the Risks That Surround Social Media
May 26, 2011
Presented by: Barry S. Herrin, JD, CHPS, FACHE, Smith Moore Leatherwood LLP P: x1027
Presented by: Terrill Johnson Harris, JD, Smith Moore Leatherwood LLP P:
To ask a question during the presentation, click the Q&A menu at the top of this window, type your question in the Q&A text box, and then click “Ask.” After you click Ask, the button name will change to “Edit.” Questions will be queued and most will be answered at the end of the meeting as time allows.

2 Health Care Provider’s Gambit
Walking the line between:
Poor bedside manners
Appropriate, in-person social pleasantries
The online world of social media

3 Stats
Facebook
– Now has 500 million users
– Is the most visited site on the Internet
– Average Facebook user has 130 “friends”
– Each month the site accumulates more than 20 billion bits of information and 3 billion photos

4 Stats
Facebook’s “Gifting Theory”
– When participants consensually contribute their social and personal data to the electronic storage system, they freely consent to provide the data.
– Social networking provides a radically transparent Internet experience where nothing is confidential…
– Or is it?

5 PHI – Protected Health Information
Health care providers have a continuing obligation to protect PHI both during and following treatment of a patient.
This obligation is not negated by a patient’s own disclosure of their condition to an online audience through any media available.

6 HIPAA
The HIPAA Privacy Rule provides federal protections for PHI held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes – RELEASES TO SOCIAL MEDIA SITES ARE NOT AMONG THEM.
The HIPAA Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to ensure the confidentiality, integrity, and availability of electronic protected health information.

7 Facebook, MySpace, LinkedIn
Health care provider creates a social media profile
– As a corporation
– As an individual professional
Provider and patient encouraged to “friend” one another
– Such registering appears to be within the societal norm
– But may be fraught with danger…

8 Facebook, MySpace, LinkedIn
Depending on the platform/security, the public at large
– May be able to determine the identity of online friends
– Could reasonably infer that the person is a patient of the provider
This assumption may create a violation of a person’s privacy rights

9 Facebook, MySpace, LinkedIn
– The mere existence of a physician/patient relationship can be considered PHI:
  Mental health treatment
  Substance abuse treatment
  Sensitive treatment (abortion, impotence, cancer, etc.)

10 Blogging
Blogging by patients often includes details of medical conditions and treatments
– www.caringbridge.org
– www.carepages.com
Patients may not understand or appreciate the potential for unauthorized disclosure and should be notified regarding security limitations for these blogs if the agency suggests using such blogs.

11 Blogging
A naïve healthcare provider may assume that posting on these blogs means the patient is waiving his or her right to have their provider safeguard the privacy of their PHI, and so replies or discusses the condition and procedure.
This assumption and online response violate the patient’s privacy rights under HIPAA.

12 Advanced Camera Technology and Privacy
Ease of snapping photos, uploading, and viewing increases with every new device invented.
We rarely question posing for or posting a photo online.
Health care facilities and providers, however,
– must guard against posting any picture of a patient during treatment (even at home) inside a health care facility

13 Advanced Camera Technology and Privacy
Photos of patients during treatment
– constitute an invasion of privacy
– could be protected health information under HIPAA
Imperative that written policies regarding the use of all cameras, especially cell phone and PDA cameras, are adopted and enforced

14 Advanced Camera Technology and Privacy
Illustration
– A hospice nurse has treated a patient for a long time and the two become good friends.
– They have their picture taken together at the patient’s home.
– The patient passes away.
– The grieving nurse posts the picture online through a social media account and indicates that she is saddened by the loss of her “favorite patient”.

15 Advanced Camera Technology and Privacy
Her online expression is perfectly normal for a human being
But completely inappropriate in a professional relationship between patient and provider

16 Advanced Camera Technology and Privacy
The nurse’s innocent post could constitute a violation of HIPAA (even without name being used) if any other PHI is included, such as
– Date of death
– Cause of death
– Fact about nature of treatment

17 Advanced Camera Technology and Privacy
Study performed at the University of Florida in 2007 and 2009 of all medical students and residents to determine
– who had Facebook profiles
– and to scan them to determine how many contained representations of protected health information, such as portrayals of people (either in text or pictures), names, dates, or descriptions of procedures.

18 Advanced Camera Technology and Privacy
Almost half of all eligible students and residents had Facebook profiles (49.8%).
There were 12 instances of potential patient violations, in which students and residents posted photographs of care they provided to individuals.

19 Advanced Camera Technology and Privacy
Photographs included trainees interacting with identifiable patients, all children, or performing medical examinations or procedures such as vaccinations of children.
While students and residents in this study are posting photographs that are potentially violations of patient privacy, they only seem to make this lapse in the setting of medical mission trips.

20 Advanced Camera Technology and Privacy
The recommendation was that all trainees need to learn to equate standards of patient privacy in all medical contexts using both legal and ethical arguments to maintain the highest professional principles.

21 Advanced Camera Technology and Privacy
Three practical guidelines were suggested:
– A legal resource for physicians traveling on medical mission trips, such as an online list of local laws or a telephone legal contact, should be established.
– Institutions that organize medical mission trips should plan an ethics seminar prior to the departure on any trip because the legal and ethical implications may not be intuitive.
– At a minimum, traveling physicians should apply the strictest legal standard to any situation.

22 Advanced Camera Technology and Privacy
Ramifications for health care professionals:
– Many employee suspensions or firings after unauthorized release of patient photos
  Chief Resident of General Surgery, Mayo Clinic
– Firings also related to inappropriate comments or complaints about employer or patients, which can result in loss of future job opportunities (25-75% of employers check social networking sites in hiring process)

23 Advanced Camera Technology and Privacy
Some facilities have banned the use of any cell phones or laptops under any circumstance by staff or patients.
– difficult to enforce
– may be counterproductive
Others require completion of a form stating that photos will be taken of family members only.

24 Advanced Camera Technology and Privacy
Other safeguards against privacy violations:
– Conspicuously posted signs clearly stating bans or limitations on cell phone or camera usage within facilities so that staff, volunteers and patients are all aware
– Training regarding privacy and improper usage

25 Advanced Camera Technology and Privacy
The inconvenience of safeguards is real
As are the potential costs of violations
– Patients may file complaints about privacy violations with the Office for Civil Rights within the Department of Health and Human Services

26 Avoid Violations
Providers should avoid violating a patient’s PHI when participating in social media by, at a minimum, requiring potential online patient/friends to agree to a written statement indicating that they have read an online disclosure BEFORE an online “friendship” can be started.
Do not comment online without a patient’s express written authorization to do so.

27 Avoid Violations
HIPAA violations are inevitable unless health care providers
– Implement and enforce detailed social networking policies
– Manage patient privacy expectations
– Integrate those policies with their human resources disciplinary policies

28 HR Policies Regarding Social Networking
Scrutinize policies regarding the use of , laptops, and handheld devices to transmit or store PHI
Company policies should address topics including
– Definition of “social networking”
– Productivity “Social notworking”
– No right to privacy and monitoring
  Make clear that computer activity may be viewed without their consent

29 HR Policies Regarding Social Networking
– Identity of user and disclaimers
– Confidentiality
– Harassment/Discrimination
– Recommendations
– Social networking outside of work
– Discipline
– Employer Usage

30 Penalties
Four new penalty tiers were implemented, effective November 30, 2009
For violations occurring on or after February 18, 2010:
– CMPs ranging from $100 to $50,000 per violation, up to $1.5 million for identical violations occurring during a calendar year, where the entity did not and, by exercising reasonable diligence, would not have known that a violation occurred

31 Penalties
– CMPs ranging from $1,000 to $50,000 per violation, up to $1.5 million for identical violations occurring during a calendar year, where the violation was due to “reasonable cause” and not willful neglect
  Reasonable cause: “circumstances that would make it unreasonable for the covered entity, despite the exercise of ordinary business care and prudence, to comply”

32 Penalties
– CMPs ranging from $10,000 to $50,000 per violation, up to $1.5 million for identical violations occurring during a calendar year, where the violation was due to willful neglect and was corrected during the 30-day period following the date the covered entity knew or should have known the violation occurred

33 Penalties
– CMPs of at least $50,000 per violation, up to $1.5 million for identical violations occurring during a calendar year, where the violation was due to willful neglect and was not corrected during the 30-day period following the date the covered entity knew or should have known the violation occurred

34 Penalties
Penalties may be avoided if the entity can demonstrate:
– Violation is the result of a knowing, criminal act by an individual that is punishable under 42 U.S.C. § 1320d-6, or
– Violation is not due to willful neglect and was corrected within the 30 days following discovery or such additional period as the Secretary deems appropriate

35 Penalties
Secretary may waive an imposed CMP if the CMP would be excessive if the violation was due to “reasonable cause,” even where the violation was not corrected during the 30-day period following discovery or other period deemed appropriate by the Secretary.

36 Questions?

37 Contact Information
Barry S. Herrin, JD, CHPS, FACHE x
Terrill Johnson Harris, JD

