fbpx

Enter your keyword

How HIPAA Impacts Social Media Usage

How HIPAA Impacts Social Media Usage

How HIPAA Impacts Social Media Usage

Social Media can be an effective tool for sharing experiences, building professional connections, and broadcasting conventional healthcare announcements to the public. However, careless posts that have client or patient-specific information could ruin the reputation of any healthcare organization.

On April 14, 2003, the “Health Insurance Portability and Accountability Act” (HIPAA) became law with the goal of protecting the privacy of patient medical records, hospitals, doctors, and health plans. The regulations set forth by this legislation allowed patients to freely access their medical records and gave them more control over the disclosure and use of their private health information.

Billions of people consume Social Media content every day, and over 30% of healthcare professionals use the same platforms to build and expand their professional network. There are advantages to utilizing Social Media in the medical field, such as notifications about new services, and interacting with patients. However, there is a possibility that using this platform the wrong way will lead to violations in patient privacy and HIPAA regulations.

What actions on Social Media violate HIPAA rules?
According to HIPAA regulations, a violation or breach is unauthorized use or disclosure under the Privacy Rule which exposes the privacy or security of Protected Health Information (PHI).

Examples of common violations include:

  • Sharing pictures (like a team lunch in the workplace) with patient information visible in the background.
  • Sharing any form of PHI (such as images) without the patient’s written consent.
  • Posting “gossip” about a patient to those who are not concerned, even if the name is not mentioned.

How much do HIPAA violations cost?
People in the healthcare industry cannot treat HIPAA lightly. If an employee were found guilty of violating a HIPAA rule, that person could face a fine between $100 and $1,500,000. Depending on the severity of the violation, the employee might face a 10-year jail sentence, lawsuits, termination from the job, and the loss of medical license.

How can healthcare organizations prevent violations?
It is a good idea to have employees undergo training on HIPAA Security and HIPAA Privacy procedures and policies when they are hired. Topics that should be discussed include workstation use, workstation security, and bringing personal devices into the workplace. These procedures are crucial to making sure that employees comply with HIPAA rules and are protecting patient information, whether it be electronic, written or oral.

Do you work in the healthcare industry and need help managing IT and privacy issues? Feel free to give us a call today!

Published with permission from TechAdvisory.org. Source.

Dropsuite:

Dropsuite is a cloud software platform enabling businesses and organizations globally to easily backup, recover and protect their important business information including emails, contacts, calendars and OneDrive/Sharepoint files. Compliant email backup and archive system with a 10-year retention policy.

Vade Secure:

Vade Secure is an AI-based email security solution to improve security for Office 365 and block advanced phishing, spear phishing, and advanced malware threats. Vade Secure analyzes emails, webpages, attachments, and images with machine learning and deep learning algorithms that are trained to detect behaviors and anomalies common to advanced email threats.

Office Protect:

Office Protect is a service that’s designed to help you secure your Microsoft 365 tenant. Using our powerful in-house security software, our analysts actively monitor for threats, investigate alerts, eliminate false positives, and provide guided response and remediation. Protects against account break-ins, data exfiltration, business email compromise, phishing, internal threats, lateral movement, ransomware, and attacks by nation states.

Dark Cubed:

Dark Cubed focuses on real-time monitoring, threat intelligence, predictive analytics, elegant dashboard, streamlined workflow, executive reporting and active blocking. This is another layer of security that integrates with the firewall.

ThreatLocker:

ThreatLocker is a zero-trust endpoint security tool giving companies control over what software can run, by whom, and what data can be accessed.

It keeps a full detailed audit of what applications are used and data accessed/transferred/deleted and by what users (signature tracking, etc.) If something unusual happens, such as a signature change, or a user opens an application that is out of their normal routine the administrator is alerted. This is a crucial tool in identifying malware threats, as well as helping organizations identify if users are accessing applications and/or data/ files they should not be.

ThreatLocker provides a solution that allows businesses to control the content that runs on their network. Unlike AntiVirus software ThreatLocker is not looking for known viruses or malware. ThreatLocker uses a complex set of rules to determine what can be executed on a network and stops anything that has not been approved before it can even execute.

Huntress:

Huntress is a supplement to SentinelOne. Hackers are becoming more sophisticated, and Huntress actively seeks out these threat actors with a "defend forward" mentality. This software combines both advanced security tools along with human intervention to ensure even the most advanced hackers can't penetrate your network.

SentinelOne:

SentinelOne is a comprehensive enterprise security platform that provides threat detection, hunting, and response features that enable organizations to discover vulnerabilities and protect IT operations. SentinelOne integrates static artificial intelligence (AI) to provide real-time endpoint protection and reduce false positives that derail investigations or make threat detection a capital-intensive process. This will replace Webroot in your current environment.