Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Is Health Data Privacy On Its Way Out?

Posted on April 30, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As healthcare providers gradually improve their HIPAA data security and privacy compliance, one might think that the odds of a breach occurring are getting lower. Maybe that’s true within the provider organizations themselves, but there are forces outside of healthcare which will make it impossible to protect personal data in the future, according to a post on Axoblog.

The piece argues that the notion of data privacy is dying. “To the extent that emails and other communications meant for designated recipients are analyzed, scraped aggregated and stored it is the opinion of this author that the protection of PHI is illusory,” the article says.

As the piece correctly notes, unscrupulous companies and can learn a great deal about consumers by analyzing their Internet search history. And of course, there are social media stalkers like Facebook, which monitors Internet activity even when the subscriber is logged off. (It’s hard to believe that other Internet companies aren’t doing the same thing in a less public manner.)

By using a rich source like Facebook user data and aggregating it with information from other social media networks, outsiders can pull together a personal profile of users. This database could easily expose medical information that should be protected under HIPAA and HITECH.

And it’s not just Facebook data that is of concern. By buying available data from all the social media networks, then matching that data with commercial databases offering details such as address, phone number and location, it’s possible to develop an astonishingly detail portrait of individuals.

So what should providers do in the age of minimum privacy? Be aware of emerging threats, the author suggests:

  • Be aware that social media outlets aren’t subject to the legal requirements providers are when compiling health information.
  • Keep your eye on data aggregators, which are selling data to everyone you can think of, plus others you wouldn’t even have considered, including marketers, advertisers and researchers.
  • The government has only now begun trying to understand how social media networks handle privacy and how well they explain their practices to consumers
  • In the wake of Facebook scandals, social media giants might develop protocols for managing sensitive data, but they may fail at doing this, in which case the government is likely to step in
  • Though Facebook has been asked by regulators how the company manages and shares data, it seems that no one’s asking about the aggregation of data and how it is stored and protected

Now, I’d like to think the article described above is a bit too pessimistic. If nothing else, I’m not sure that the aggregation of other forms of data means that medical privacy will become impossible to defend. Still, the piece makes it clear that we have a long way to go before we can sure PHI is protected by companies like Facebook.

HIPAA and Facebook Are Diametrically Opposed

Posted on June 5, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I tweeted this from the CHIME Fall Forum last year, but the idea is still on my mind. First, are HIPAA and Facebook diametrically opposed? Second, if they are or they aren’t, what does that mean for healthcare?

I’m not sure the intent of the person who said that Facebook and HIPAA were diametrically opposed, but I think it’s a reasonable observation. Facebook cares about getting and sharing as much information about you as possible. HIPAA cares about trying to protect your information.

While I think this is fundamentally how these companies think, the reality of what they do is much closer than people would think at first glance. While Facebook certainly wants to collect all of your personal data, it also has become quite sophisticated in its efforts to allow you to control how your data is shared. This wasn’t something that came naturally to them, but was forced upon them by years of crazy indiscretions which forced their hand.

HIPAA has come from the other end. While HIPAA is the portability act and not the privacy act (common mistake), that’s not how it was viewed when it was implemented. Everyone in healthcare saw HIPAA as a way to inhibit data sharing as opposed to a way to provide a framework for secure data sharing. In many cases, that’s still how people use HIPAA today. However, we’re starting to see that change as healthcare organizations have realized that their organizations need to share data. While not as progressive as Facebook in their data sharing controls, healthcare has become much more specific about how, when, what, and where they share patient data.

While we can find plenty of privacy and security issues with Facebook and HIPAA, I’d argue that both of them have become much more sophisticated in their approach to privacy and security. I believe this trend will only continue to get better.

What does all of this mean for healthcare?

Healthcare can learn a lot from Facebook when it comes to creating sophisticated privacy options that put the patient in control of their health data and allow the patient to control if and when that data is shared. However, we shouldn’t be surprised when we implement these controls and patients start sharing in ways that might feel risky to us. We may want to consider even more training on these sophisticated sharing options than what Facebook did for their users.

No doubt there’s a power in health data and much of that power is unleashed when it’s shared with the right people. The best thing we can do to unleash this power isn’t to create a free for all data sharing approach, but instead to take a more sophisticated data sharing approach that puts the patient at the center of the decision making process.

Samsung Invests Big in Virtual Reality at Facebook’s F8 Conference

Posted on April 15, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is sponsored by Samsung Business. All thoughts and opinions are my own.

Ever since the CES conference earlier this year, I’ve been extremely interested in the virtual reality and augmented reality space. There’s a lot of potential for virtual reality in healthcare including in: training, diagnosing and treatment. Plus, I always remember that the best use cases for technology are often ones we can’t even imagine because of our own biases and constrained thinking. However, as we invest more in virtual reality, we’ll discover even better ways to apply the technology to healthcare.

This week Samsung and Facebook made a huge investment in virtual reality when they gave away a new Samsung Gear VR Headset and custom Galaxy smartphone to the 2600 developers attending Facebook’s F8 developer conference. That’s a lot of developers that will start building on top of this new virtual reality platform. I’ve already seen my healthcare developer friend post on social media about her kit. I’ll be interested to see what she creates.
Samsung Gear VR - Healthcare
I’ve certainly heard many of the naysayers talk about virtual reality. They argue that the early versions are expensive, require powerful computers, are tethered, require headsets and can cause headaches. These are all challenges, but most of them will be fixed as the technology evolves and matures. Plus, being healthcare I found the comment around headaches really interesting. I got headaches and eye strain from Google Glass, but I’ve never had an issue with virtual reality giving me a headache. It’s definitely something to watch though.

These challenges aside, I’ve found my experiences with virtual reality to be absolutely immersive. I totally lost myself in the experience and almost forgot the world around me. As I think back on that experience, I did realize that the key to an amazing experience was compelling content. If I was watching or doing something in a virtual world that wasn’t interesting, then you would have definitely lost me. Let that be a lesson to everyone in healthcare. You only get one chance to make a first impression on healthcare. Be sure that whatever healthcare virtual reality use case you’re working on has really compelling content. If you don’t, you’ll burn a whole generation of decision makers on virtual reality.

With this in mind, it’s going to be just as important for us to watch the virtual reality content creation space as the virtual reality display devices themselves. Can we make virtual reality content in a cost effective way? How hard will it be to create compelling content? Will the quality of the content be good enough to apply it to medicine?

These are all open questions I’ll be watching in the virtual reality space. However, given the impressive progressive we’ve seen over just the past couple years, I’m really excited by the possibilities. Healthcare better prepare for virtual reality based training and education. Soon enough your doctor will be diagnosing you using virtual reality and possibly from a remote destination. It’s not hard to imagine many treatment options being made available in a virtual reality environment.

Virtual reality in healthcare has some really incredible opportunities. I’m excited to see such a huge investment in virtual reality by both Samsung and Facebook. A lot of that innovation is going to trickle down into healthcare.

For more content like this, follow Samsung on Insights, Twitter, LinkedIn , YouTube and SlideShare.

Social Media Tips for #HIMSS16 – More Than Just Tweets

Posted on February 12, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The massive HIMSS 2016 Annual Conference is just around the corner and I’ll be participating in it in a big way like usual. I already posted about the 7th Annual New Media Meetup at HIMSS and my session with Shahid Shah on “Marketing to Customers in an Uncertain Healthcare IT Marketplace“. Would love to see any and all of you at those events. I was also blessed to be selected as a HIMSS 2016 Social Media Ambassador (Maybe I should have said #HIMSS16 instead of HIMSS 2016). It’s an amazing group of people and so I feel so thankful to be in such great company.

It’s been fun to watch the evolution of social media at HIMSS. I’m sure one day my kids will look back and say “weren’t you one of the pioneers that use to use that old platform called Twitter which we read about in our history books?” I’ll be happy to say Yes!

Next week Shahid and I are doing a webinar on “Why Don’t People Care About What You’re Selling at HIMSS?” and this is one piece of a slide we’ve been preparing for that webinar:

HIMSS Social Media Growth

That’s incredible growth. In fact, I just did a quick query and there have already been 35k tweets to the #HIMSS16 hashtag and we’re still over 2 weeks away from the event. The explosion of social media sharing that happens during the 5 days of the event hasn’t even started. That’s some extraordinary growth, but that also means there’s a lot more noise.

While Twitter is a fantastic tool, there’s much more to social media than just Twitter. In fact, because Twitter has become so popular (see graphic above), your investment in other social media platforms are likely as important as your investment in Twitter. Let me cover some other social media avenues you might consider using before, during, and after HIMSS.

Side Note: Before I cover the non-Twitter social media options you might consider, I want to mention that Twitter is still extremely powerful. My mention of other social platforms isn’t to diminish the power of Twitter, but instead to expand the scope from one powerful tool to many powerful tools. Plus, I made a bunch of HIMSS Twitter tips and tricks last year and those still apply.

LinkedIn – In many ways, LinkedIn is even more powerful to Twitter. This is particularly true in the business world. I’m still surprised how many people think that LinkedIn is still their online resume. It is that, but it’s so much more. There are hundreds of amazing groups (see the Healthcare Scene group) on LinkedIn that cover every topic imaginable. Join them and participate in the discussions. You’ll be amazed at the connections you make. No doubt many of the people in those groups will also be at HIMSS. Find them. Connect with them and then meetup in person at HIMSS. That’s a powerful use of social media.

Blogging – While a tweet is easy to create, a blog post has a much longer lasting impact. Because of all the activity around HIMSS, a really well done blog post can more easily “go viral” during HIMSS. I’ve seen well done blog posts make the rounds in a fantastically powerful way thanks to the #HIMSS16 hashtag. Those blog posts are often what people are talking about over drinks or in booths at HIMSS. If you don’t have your own blog, try LinkedIn’s blog or medium or even leverage Healthcare Scene’s blogs.

Facebook – People often forget that Facebook can be a powerful tool for yourself or your business. Everyone is on Facebook (give or take a few million), and there’s no better way to connect with someone than doing it both personally and professionally. Plus, there are Facebook groups where like minded people are having work conversations (Here’s the Healthcare Scene Facebook group) or sharing and consuming content. Join those conversations and you’ll be surprised how quickly you can connect to and learn from amazing people.

Periscope – Watch for Periscope to have a break out year at HIMSS this year. I’m not a huge fan of Periscope for a lot of things in healthcare IT, but live events is the perfect place for Periscope. I’ll be searching through Periscope to find who is broadcasting periscopes from HIMSS16 so I can see some of the interesting things I missed. Plus, I’ll likely be doing some periscopes from HIMSS16 myself, so watch for those.

HIMSS Mobile App – I’ll admit that this is a new one for me. I just downloaded the HIMSS Mobile App and I’m excited to see how well it works. While many people think it’s a way to find sessions, maps, etc, the mobile app is much more powerful as a way to connect with people. Unlike Twitter, the mobile app won’t likely have all the noise that exists on Twitter because you can’t automate what’s posted to the mobile app as easily as you can Twitter. Take some time to be active and share insights on the mobile app. I think you’ll be surprised at the impact you can have if you do so.

Those are a few suggestions. Let me know any other thoughts or suggestions you have on how to leverage social media before, during and after HIMSS16.

HIPAA Slip Leads To PHI Being Posted on Facebook

Posted on July 1, 2014 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

HHS has begun investigating a HIPAA breach at the University of Cincinnati Medical Center which ended with a patient’s STD status being posted on Facebook.

The disaster — for both the hospital and the patient — happened when a financial services employee shared detailed medical information with father of the patient’s then-unborn baby.  The father took the information, which included an STD diagnosis, and posted it publicly on Facebook, ridiculing the patient in the process.

The hospital fired the employee in question once it learned about the incident (and a related lawsuit) but there’s some question as to whether it reported the breach to HHS. The hospital says that it informed HHS about the breach in a timely manner, and has proof that it did so, but according to HealthcareITNews, the HHS Office of Civil Rights hadn’t heard about the breach when questioned by a reporter lastweek.

While the public posting of data and personal attacks on the patient weren’t done by the (ex) employee, that may or may not play a factor in how HHS sees the case. Given HHS’ increasingly low tolerance for breaches of any kind, I’d be surprised if the hospital didn’t end up facing a million-dollar OCR fine in addition to whatever liabilities it incurs from the privacy lawsuit.

HHS may be losing its patience because the pace of HIPAA violations doesn’t seem to be slowing.  Sometimes, breaches are taking place due to a lack of the most basic security protocols. (See this piece on last year’s wackiest HIPAA violations for a taste of what I’m talking about.)

Ultimately, some breaches will occur because a criminal outsmarted the hospital or medical practice. But sadly, far more seem to take place because providers have failed to give their staff an adequate education on why security measures matter. Experts note that staffers need to know not just what to do, but why they should do it, if you want them to act appropriately in unexpected situations.

While we’ll never know for sure, the financial staffer who gave the vengeful father his girlfriend’s PHI may not have known he was  up to no good. But the truth is, he should have.

Marketing Your Medical Practice in the Digital (Social) Age

Posted on June 28, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

On Saturday, June 30, Tweeters, Instagramers, Pinners and the like will gather to celebrate the fourth annual Social Media Day, presented by Mashable, a leading online source for news and information focused on the Connected Generation. And each year, social media plays a greater role in #healthcare and #HealthIT. Here are a few stats from recent months:

  • 51% of those surveyed say that digital health communications would make them feel more valued as a patient
  • 90% of adults 18-24 years of age say they would trust medical information shared by others in their social media networks
  • 41% of people say social media would affect their choice of health care provider

To raise awareness about the social media benefits for health care professionals, I asked Dr. Lawrence Rosen, an athenahealth client, social-savvy clinician, practice owner and influencer, about best practices and tips for marketing a medical practice on social networks.

When did you realize it was time to put your practice on Facebook? When was that ‘a-ha’ moment?

It happened the day I started my practice, The Whole Child Center, in 2008. I recognized that savvy parents were using Facebook to gather and share information about their kids. They not only wanted to post photos of their one-year-old’s birthday party but also wanted to interact with their health care providers. I thought it would be great if we could develop this online community to build on the brick-and-mortar community we developed within the four walls of our practice.

To create an effective Facebook strategy, it’s key to know your audience and what you’d like them to do. Who are your Facebook target audiences? Are you surprised by any groups that you’re reaching?

As a pediatrician, my primary target audience is easy—moms. And for Facebook, that’s a key demographic. Recent insights showed that 80% of our Facebook audience is women with more than 60% ages 25-44.

The most surprising demographic? Other health care practitioners interested in the unique integrative and eco-sustainable approach we take to medicine.

Discuss the types of content you have generated and how you personally grown your Facebook presence and, in essence, your practice.

Initially, our content was mostly health information, current articles and trends in the news. I then realized that photos and videos garnered much more interest, so we developed a space for parents to post photos of their kids having fun in our office. With HIPAA concerns, we are really careful to never post patient information directly, but parents can certainly share information about their own experiences, and they love sharing these pictures. Also, I’ve found videos of my media appearances or webinars, when posted on seasonal or topical issues, always get a lot of likes and shares.

What are examples of online content that have increased visibility or engagement for your practice? 

The most gratifying and widespread content has been related to our response to the 2012 Hurricane Sandy tragedy in New Jersey and New York. We posted a call for new or gently used baby equipment—strollers, car seats, high chairs—for one of our practice’s  moms to deliver to a devastated section of Queens, NY.  In one week, we gathered enough donations to fill a box truck. This mom, who had family in the damaged area, was so thrilled to partner with us, and it really helped raise awareness in our area of the plight of young families.

Are there any rules of the road, things people should remember when marketing their practice on a social network?

Don’t post private information. Don’t pester your audience by posting 40 things a day. Be strategic, know your audience, pay attention to what people like and share, and keep your content relevant to hot topics, and local or regional health issues. In general, stay away from divisive political or religious issues.

What you post is going to be seen as a reflection of your organization’s values and will positively or negatively affect your reputation. Recognize the power of your social network to engage and build your community.

Dr. Rosen is an integrative pediatrician based in Oradell, N.J. and a contributor to the athenahealth blog

New Friend Request…From the Family Doctor?

Posted on May 11, 2012 I Written By

Katie Clark is originally from Colorado and currently lives in Utah with her husband and son. She writes primarily for Smart Phone Health Care, but contributes to several Health Care Scene blogs, including EMR Thoughts, EMR and EHR, and EMR and HIPAA. She enjoys learning about Health IT and mHealth, and finding ways to improve her own health along the way.

It seems like every company, person, or product has a Facebook page nowadays. I’m not complaining — I actually really like being able to connect through Facebook. Several months ago, I noticed quite a few pages for hospitals or doctors popping up, and I even “liked” a few of them myself. After “liking” them, I didn’t think much of it, until one day I saw an update from one, Intermountain Moms. Apparently, every week, “Nurse Dani” answers the questions of moms everywhere. Simply write a question under the status update, and she answers it.

I thought this was pretty neat. In fact, I asked my own question. It was something that I felt silly calling my son’s pediatrician about but was worrying me. Within a matter of minutes, Nurse Dani responded to my question. Not only did she put my nerves to rest, but she was so kind in answering. It felt like I was talking to an old friend. As I read the rest of her responses to other mom’s questions, the same respect was given. And while I’m not about to start text messaging my nurses and doctors (so not ready for that kind of relationship), I think it’s nice that more health professionals are getting involved with their patients through social networking.

According to an article on US News, doctors across the country are connecting through Facebook, Twitter, and FourSquare. Apparently, there is a website called TwitterDoctors.net, which is essentially a place where doctors who “tweet” register their names and make it easy for patients to find them. This article talks about how different doctors are implementing social networking into their websites. Here is a little bit of what the author said:

Some doctors are latching onto social media to issue real-time alerts and reminders, a unarguably valuable service for time-pressed patients. Stream cites colleagues who tweet when they’re running late for appointments, for instance, so patients know they needn’t rush to the office. Others post hours for flu shot clinics and encourage patients not to overlook the vaccine.

To me, I think this is great. I would love to have these types of updates readily available. Who likes waiting at the doctor’s office? Recently, when we took my son to his well-child appointment, we waited an hour in the waiting room. Or being able to post my concerns or questions and receive instant feedback, especially concerning menial topics that are worrying me but may not warrant a doctor’s visit?

I can see some downsides to this though. The professional relationship between doctors, nurses, etc. with their patients might become a bit blurry. There should definitely be limits. Like, should patients and their doctors be actual Facebook friends? When I graduated from high school, I remember becoming friends with some of my former teachers. They refused to add students that were currently still in school, and I can see why. Once someone in a position of trust (i.e., a teacher or doctor) becomes more intimately invovled in one of their student’s or patient’s life, things can get weird.

But in general, as I’ve already said, I love that practitioners are becoming involved in social networking. Like it or not, that’s the way the world is going, and I think it would be wise for doctor’s to know at least the simple parts of social networking (and maybe hire a tech-savvy office assistant to manage the Facebook page).  As the article I previously mentioned quotes Kevin Pho, a medical blogger, saying:

These are powerful, tremendously influential tools. Doctors should be taking advantage of the opportunity.”

So what do you think? Is it a good thing that doctors and hospitals are getting involved with patients through social networks, or is it making the doctor-patient relationship too casual?

EMR as Medical Devices, Facebook Organ Donor Initiative, and Innovation at Big Companies

Posted on May 6, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

There was some interesting news this week in healthcare IT and EMR. Plus, there are some ongoing conversations that are still happening.

The following 3 tweets highlight this. It’s one of the things I love about Twitter is that you can discuss lots of interesting happenings and news along with discussing lots of important topics. Here are just a few of them that were talked about this week.


I disagree. I think there are very few absolutes in this world, but I don’t EMR should be considered a medical device. There is more than enough government regulation going on with the EMR industry as is. I can’t imagine what benefit would be achieved with more government regulation.


This was big news and was a great illustration of the good that can be done by large companies like Facebook when it comes to healthcare. The real problem is that developers and entrepreneurs aren’t using the Facebook platform as much because they’ve killed it for the entrepreneur. Facebook is unlikely to do much on their own in the healthcare space other than these one off initiatives like this.


The question in the #HITsm chat was which healthcare IT companies were innovating. My first answer was are there any big companies that are innovating? This was my follow up tweet about how “innovation centers.” Jennifer Dennard followed up with a question about whether hospital innovation centers counted. I can see an exception in some cases. Particularly when the hospital is squarely focused on research. Then, research can produce some innovative results and many things in healthcare cost so much money that it takes a large company to pay for the research.

Social Media for Patient Recruitment

Posted on May 1, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I previously posted about Patient Recruitment & EHR where I talked about some of the intricacies of patient recruitment and use of EHR for clinical study patient recruitment. While I’m certain that EHR will be a major player in the patient recruitment of the future, I saw a tweet today that made a great case for social media being the go to platform for patient recruitment today.

Here’s the tweet from @JeffBrittonMD:

70% of patients were recruited on Facebook. That number hit me when I saw it. Although, after thinking about it a little bit it makes a lot of sense. The real key to Facebook recruitment is that they know a lot of information about you which advertisers can use to target their ads. So, it makes perfect sense for Facebook to work for patient recruitment.

I think we’ll see other social media channels prove beneficial to patient recruitment as well. Although, it’s still early for many of the other platforms that I think will prove most valuable. Keep an eye on Twitter to start. Also, don’t underestimate the power of mobile apps and even a physician’s social media presence.

Patients Medical Record Posted to Facebook – HIPAA Violation

Posted on January 24, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve generally been writing more about the EMR side of EMR and HIPAA lately. For the most part, it seems readers are more interested in EMR and EHR than they are in the details of HIPAA. Although, one of my top posts ever is from back in 2006 about HIPAA Privacy Examples and HIPAA Lawsuits. It seems that people are most interested in HIPAA when it has something to do with a HIPAA violation or lawsuit.

Today’s HIPAA violation could very likely become a HIPAA lawsuit. Plus, it is a word of caution to those about training your staff on HIPAA requirements and also on proper use of social media in healthcare.

Anne Steciw posted about the violation on Search Health IT. Here’s an excerpt from her post:

Details of the health data breach provided by the Los Angeles Daily News indicate that the employee, who was provided by a staffing agency, shared a photo on his Facebook page of a medical record displaying a patient’s full name and date of admission. The employee appeared to be completely ignorant of HIPAA laws.

I’m sure every hospital and healthcare administrator is cringing at this. I’m sure many could share stories of HIPAA issues related with staffing agencies as well. Although, it’s really hard for me to understand how someone even from a staffing agency could be so ignorant to the HIPAA laws. I’m not overstating how ignorant this person was in this situation. The above article explains something even more outrageous and unbelievable:

Even after being told by other posters that he was violating the patient’s privacy, the employee argued: “People, it’s just Facebook…Not reality. Hello? Again…It’s just a name out of millions and millions of names. If some people can’t appreciate my humor than tough. And if you don’t like it too bad because it’s my wall and I’ll post what I want to. Cheers!”

To me this is totally mind boggling. I’m sure many will argue that this person was exhibiting many of the characteristics of the Facebook generation of users. That’s a cop out and an excuse, but does make a larger point that many of the next generation have these outlandish views of what’s theirs and what’s ok and reasonable. Sadly, far too many people think when it’s humor it’s ok to do anything. It’s not and I’m sure those dealing with HIPAA violations won’t find it a reasonable excuse either.

One thing I really hate about stories like this is that they give a bad name to use of social media in healthcare. Social media is like most things which can be used for good or bad. It’s a shame if incidents like this discourage people from accessing the benefits of social media.

This is another good example of how our biggest HIPAA privacy vulnerability is people.