1. Social Media Compliance
for Healthcare Professionals
Presented by:
Asha Kamath,
Joanna Wolfe
&
Srini Kolathur
1

2. Webinar Objectives
Understand social media security and
compliance challenges and how to effectively
use social media while complying with HIPAA
regulatory requirements.
E-mail: info@ehr20.com
2

3. Who are we …
EHR 2.0 Mission: To assist healthcare
organizations develop and implement
practices to secure IT systems and comply
with HIPAA/HITECH regulations.
 Education(Training, Webinar & Workshops)
 Consulting Services
 Toolkit(Tools, Best Practices & Checklist)
Goal: To make compliance an enjoyable and painless
experience, while building capability and confidence.

4. Glossary
1. PHI: Protected Health Information
2. HIPAA: Health Insurance Portability and Accountability
Act
3. HITECH: Health Information Technology for Economic
and Clinical Health Act
4. HIE: Health Information Exchange
5. RSS: Real Simple Syndication
6. HHS, OCR and SAG 4

5. Trends in Healthcare IT
Informatics Collaboration
Mobile EHR
Computing HIE
5

6. US Hospitals on Social Media
 1,300+ Hospitals
6000 + Hospitals
 575 YouTube Channels
 1068 Facebook pages
 814 Twitter Accounts
1300+ Hospitals
 566 LinkedIn Accounts
 946 Four Square
 149 Blogs
6
Ref: http://ebennett.org/hsnl/

7. Handheld Usage in Healthcare
• 25% usage with providers
• Another 21% expected to use
• 38% physicians use medical
apps
• 70% think it is a high priority
• 1/3 use hand-held for accessing EMR/EHR
7
compTIA 2011 Survey

8. EMR and EHR systems
8

9. Health Information Exchange (HIE)
9

10. What is social media?
Network
User-created video,
audio, text or
multimedia that are Publish Microblog
published and
shared in a social
environment, such as a
blog, podcast, forum, Share Discuss
wiki or video hosting
site.
Any technology that lets people publish, 10
converse and share content online.

11. What does Social Media Mean in
Healthcare?
Online
technologies and Consumers
practices that
healthcare Regulators
Health
Coaches
professionals and Wellness
Disease Mgmt.
patients use to Clinical Trial
share opinions, Recruitment
PHR
insights, Nurses Training Physicians
experiences, and Treatment & Much
more
perspectives with
each other Clinical Allied health
Investigators pros.
11

12. Benefits to Patients
 Allows patients to share information, personal
experiences, and to socialize.
Examples: Revolution Health, Organized
Wisdom, and Patients Like Me.
 Allows increased connection with other people
suffering from the same illness or condition
 Empowers patients to take control of health
care decisions
12

13. Benefits to Healthcare Providers
 Instantaneous communication to entire class
of patients in emergency situations, such as a
drug recall or preventing scams
 To attract new clients and patients
 Improved results because of better informed
patients
 Increased productivity due to patient
knowledge
 More patient/provider interaction
13

14. Learn from other providers
 Live procedures
 Train medical personnel
 Reach main stream media
 Communicate during crises
 Accurate information to patients
14

15. Your Job is Important …
Five California nurses were terminated after it
was discovered that they were discussing
patient cases on Facebook. The situation
was investigated for weeks by both the
nurses' employer, Tri City Medical Center in
San Diego, and the California Department of
Health before the nurses were fired for
allegedly violating privacy laws.
15

16. Your Job is Important Cont.
 A Minnesota nursing home employee was
fired after rumors spread that she had posted
photos of herself with nude patients on her
Facebook page. Though no nude pictures
were found, the employee did have pictures
of herself with clothed patients, which
violated the home's privacy policy and led to
her termination.
16

17. The American Recovery and
Reinvestment Act of 2009 and HITECH
17

18. HITECH Modifications to HIPAA
 Creating incentives for developing a meaningful use of
electronic health records
 Changing the liability and responsibilities of Business
Associates
 Redefining what a breach is
 Creating stricter notification standards
 Tightening enforcement
 Raising the penalties for a violation
 Creating new code and transaction sets (HIPAA 5010,
ICD10)
18

19. Why do you need to care about social
media compliance?
 Federal Mandate
 Penalties(CMP) for non-compliance
 Reputation risk
 Business risk
 Pervasive social media
19

20. HIPAA Titles - Overview
20

21. HIPAA Security Rule
21

22. Information Security Model
Confidentiality
Limiting information access and
disclosure to authorized users (the right
people)
Integrity
Trustworthiness of information
resources (no inappropriate changes)
Availability
Availability of information resources (at
the right time)
22

23. PHI
Health
Information
Individually
Identifiable
Health
Information
PHI
23

24. ePHI – 18 Elements
Elements Examples
Name Max Bialystock
1355 Seasonal Lane
Address (all geographic subdivisions smaller than state,
including street address, city, county, or ZIP code)
Dates related to an individual Birth, death, admission, discharge
212 555 1234, home, office, mobile etc.,
Telephone numbers
212 555 1234
Fax number
Email address LeonT@Hotmail.com, personal, official
Social Security number 239-68-9807
Medical record number 189-88876
Health plan beneficiary number 123-ir-2222-98
Account number 333389
Certificate/license number 3908763 NY
Any vehicle or other device serial number SZV4016
Device identifiers or serial numbers Unique Medical Devices
Web URL www.rickymartin.com
Internet Protocol (IP) address numbers 19.180.240.15
Finger or voice prints finger.jpg
Photographic images mypicture.jpg
Any other characteristic that could uniquely 24
identify the individual

25. Violations
What is a HIPAA violation on social media?
Disclosures made on social media
concerning a patient’s PHI without that
patient’s authorization is considered a HIPAA
violation.
25

26. Scenarios
 A patient attempts to “friend” an attending
physician on Facebook …
 A nurse posts pictures of a baby who was just
discharged from her service, expressing joy,
best wishes to the family, and congratulating
everyone involved in this excellent patient
outcome …
 A lab technician blogs that the laboratory
equipment he is using should have been
replaced years ago and is unreliable …
26

27. Compliance Best Practices
 Social media do’s and don’ts filter(checklist)
 Strong social media policy and guidelines
 Training employees on how to safely use
social media and comply with HIPAA
 Web content filtering(Technology solutions)
 Social media monitoring
27

28. Top 5 Recommendations
1. Be cognizant of patient privacy, confidentiality
and individually identifiable information
2. Do not discuss patient’s conditions
3. Provide broader perspective on issues at hand
4. Share information that promotes quality health
care and up-to-date medical information
5. Everything said online can be found and is
available forever
28

29. Suggested Tweeters to Follow
 New England Journal of Medicine @NJME
 Journal of the American Medical Association @JAMA
 American Academy of Family Physicians @AAFP
 National Institutes of Health @NIHforHealth
 enters for Disease Control @CDCgov
(Among many, many others including individual medical
specialty organizations and journals)
29

30. Where do you start?
Identify Social Media Objectives &
Strategy
Develop a Social Media Program
-Training, policies, pilot
Improve Quality of Care
- Converse, Listen, Comply, Engage
and Share
Assess and Improve
- Monitor, Evaluate and adjust 30

31. Key Takeaways
 Don’t allow HIPAA anxiety to keep you from
embracing social media
 Limit liabilities with clear policies and procedures
 Social media compliance challenges are due to
lack of training
 Monitor your social media platforms
 Social media will become more pervasive
31

32. References
 Mayo Clinic
 AMA Social Media Policy
 Mount Sinai Medical Center SM Policy
 WU School of Medicine
32
 FDA Guidelines on SM

33. Next Steps
 Training Package
 Sample social media compliance polices
 Best practices checklist
 4-hour training
ehr20.com/services
 Next Live Webinars:
 Meaningful Use Security Risk Analysis (4/18/2012)
 Business Associate Assessment (4/25/2012)
Sign-up at ehr20.com/webinars 33

34. Questions?
E-mail: info@ehr20.com
Call: 802-448-2255
34

35. Thank you!!
35