HIPAA and Facebook Are Diametrically Opposed

Posted on June 5, 2017 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I tweeted this from the CHIME Fall Forum last year, but the idea is still on my mind. First, are HIPAA and Facebook diametrically opposed? Second, if they are or they aren’t, what does that mean for healthcare?

I’m not sure of the intent of the person who said that Facebook and HIPAA were diametrically opposed, but I think it’s a reasonable observation. Facebook cares about getting and sharing as much information about you as possible. HIPAA cares about trying to protect your information.

While I think this is fundamentally how these companies think, the reality of what they do is much closer than people would think at first glance. While Facebook certainly wants to collect all of your personal data, it also has become quite sophisticated in its efforts to allow you to control how your data is shared. This wasn’t something that came naturally to them, but was forced upon them by years of crazy indiscretions which forced their hand.

HIPAA has come from the other end. While HIPAA is the portability act and not the privacy act (common mistake), that’s not how it was viewed when it was implemented. Everyone in healthcare saw HIPAA as a way to inhibit data sharing as opposed to a way to provide a framework for secure data sharing. In many cases, that’s still how people use HIPAA today. However, we’re starting to see that change as healthcare organizations have realized that their organizations need to share data. While not as progressive as Facebook in their data sharing controls, healthcare has become much more specific about how, when, what, and where they share patient data.

While we can find plenty of privacy and security issues with Facebook and HIPAA, I’d argue that both of them have become much more sophisticated in their approach to privacy and security. I believe this trend will only continue to get better.

What does all of this mean for healthcare?

Healthcare can learn a lot from Facebook when it comes to creating sophisticated privacy options that put the patient in control of their health data and allow the patient to control if and when that data is shared. However, we shouldn’t be surprised when we implement these controls and patients start sharing in ways that might feel risky to us. We may want to consider even more training on these sophisticated sharing options than what Facebook did for their users.

No doubt there’s a power in health data and much of that power is unleashed when it’s shared with the right people. The best thing we can do to unleash this power isn’t to create a free-for-all data sharing approach, but instead to take a more sophisticated data sharing approach that puts the patient at the center of the decision-making process.

Some Friday HIPAA Humor

Posted on August 8, 2014 | Written By John Lynn

It’s Friday after a long week for me and I imagine many of you. So, let’s keep today’s post short and simple and hopefully give you a little laugh. Nothing like humor to help make any day better.

HIPAA Cartoon

Thanks to Practice Manager Solutions for sharing it with me.

Patients Want to Share Their Medical Data

Posted on March 29, 2013 | Written By John Lynn

During the recent Dell Healthcare Think Tank which I took part in, I had an idea that I think is incredibly powerful and not talked about nearly enough. In fact, I think it’s reasonable to say that if we want to get healthcare costs down, then we have to learn how to do this well.

The idea revolves around how we talk about privacy of health information with patients. Far too often, patients just hear news reports that talk about all of the reasons they should fear their health information getting out in the open. Instead, they almost never hear stories about how having their health information shared with the right people will actually improve their health.

The simple fact is that if you lead with all the bad things that could possibly happen with health information in the wrong hands, then of course no patient is going to want their patient information shared. However, if they know how sharing their health information with the right people will improve their care, then patients are more than willing to share away.

Basically, what I’m saying is that sharing healthcare data has been marketed wrong. The privacy advocates are well organized and have many people fearful for what will happen with their health information. I don’t have any problem with privacy advocates, because they help us to pause to take a reasonable look at the importance of privacy. However, the need for proper privacy controls doesn’t mean that we don’t share healthcare information at all.

The beauty of all of this is that the majority of people think this is how it happens in healthcare today. They don’t realize that quite often their healthcare information isn’t traveling with them to specialists and hospitals. In fact, when patients discover that it doesn’t, they’re usually quite surprised and don’t understand why it doesn’t.

I hope we can work on the data sharing message. We can share your data with the people who need it so we can improve your care. If patients hear this message, healthcare data sharing will not be feared but embraced.

A Fun (and Educational) Look at Privacy and Security – Meaningful Use Monday

Posted on September 24, 2012 | Written By

Lynn Scheps is Vice President, Government Affairs at EHR vendor SRSsoft. In this role, Lynn has been a Voice of Physicians and SRSsoft users in Washington during the formulation of the meaningful use criteria. Lynn is currently working to assist SRSsoft users interested in showing meaningful use and receiving the EHR incentive money.

One of the most common sources of confusion about the meaningful use requirements is the Privacy and Security Risk Analysis measure. As I discussed in a past Meaningful Use Monday post, according to CMS, practices that are HIPAA compliant are likely in pretty good shape on this measure. For those physicians, what’s needed is documentation of the steps that were taken to review HIPAA compliance, the deficiencies identified, and what was done to remediate these exposures. (For more information, see the meaningful use chapter in ONC’s “Guide to Privacy and Security of Health Information.”)

This begs the question, “What exactly is HIPAA compliance?” I recently came upon the “Privacy and Security Training Game” that was created by ONC’s Chief Privacy Officer and couldn’t resist playing. While a lot of the information provided is quite basic for those with expertise in the privacy and security arena, as you progress through the game, the questions become more challenging. It’s definitely a fun way to introduce staff to the issues and increase awareness about the importance of safeguarding patient information.

Check out all of the past Meaningful Use Monday posts.

Patient’s Medical Record Posted to Facebook – HIPAA Violation

Posted on January 24, 2012 | Written By John Lynn

I’ve generally been writing more about the EMR side of EMR and HIPAA lately. For the most part, it seems readers are more interested in EMR and EHR than they are in the details of HIPAA. Although, one of my top posts ever is from back in 2006 about HIPAA Privacy Examples and HIPAA Lawsuits. It seems that people are most interested in HIPAA when it has something to do with a HIPAA violation or lawsuit.

Today’s HIPAA violation could very likely become a HIPAA lawsuit. Plus, it is a word of caution about training your staff on HIPAA requirements and also on proper use of social media in healthcare.

Anne Steciw posted about the violation on Search Health IT. Here’s an excerpt from her post:

Details of the health data breach provided by the Los Angeles Daily News indicate that the employee, who was provided by a staffing agency, shared a photo on his Facebook page of a medical record displaying a patient’s full name and date of admission. The employee appeared to be completely ignorant of HIPAA laws.

I’m sure every hospital and healthcare administrator is cringing at this. I’m sure many could share stories of HIPAA issues related to staffing agencies as well. Although, it’s really hard for me to understand how someone even from a staffing agency could be so ignorant of the HIPAA laws. I’m not overstating how ignorant this person was in this situation. The above article explains something even more outrageous and unbelievable:

Even after being told by other posters that he was violating the patient’s privacy, the employee argued: “People, it’s just Facebook…Not reality. Hello? Again…It’s just a name out of millions and millions of names. If some people can’t appreciate my humor than tough. And if you don’t like it too bad because it’s my wall and I’ll post what I want to. Cheers!”

To me this is totally mind-boggling. I’m sure many will argue that this person was exhibiting many of the characteristics of the Facebook generation of users. That’s a cop-out and an excuse, but does make a larger point that many of the next generation have these outlandish views of what’s theirs and what’s ok and reasonable. Sadly, far too many people think when it’s humor it’s ok to do anything. It’s not and I’m sure those dealing with HIPAA violations won’t find it a reasonable excuse either.

One thing I really hate about stories like this is that they give a bad name to use of social media in healthcare. Social media is like most things which can be used for good or bad. It’s a shame if incidents like this discourage people from accessing the benefits of social media.

This is another good example of how our biggest HIPAA privacy vulnerability is people.