It can be argued that social media is both the best and worst thing about the modern age. On one hand it connects people and the world allowing the exchange of information and keeping up with loved ones, but on the other hand it can result in serious privacy violations and lots of problems. As a doctor social media is both great and terrible. You can use it to set up a page where you share medical info in order to promote your practice or even to connect with patients. It’s also terrible because you fear that your office staff might disclose patient information whether accidentally or intentionally and therefore violating their privacy. This can have terrible consequences for your practice as well as your reputation. It’s crucial to protect your patient’s privacy as if it were your own. In any medical television show or movie we always see discussions about doctor patient confidentiality and it’s always an important topic.
The thing about a doctor patient relationship is that it usually has very sensitive information. As a doctor you know almost everything about your patients. You know their sexual history, drinking habits, marital status, and their occupation. These are just a few things that you ask a patient about when you see them because they might be medically relevant and important. If a patient doesn’t trust his or her doctor then who can they trust? Also if they can’t trust their doctor then they’re unlikely to get better because they won’t be telling you all the facts and at the same time they won’t be able to trust your decision making abilities so they may not follow the treatment you prescribed. In order for you to be successful with your patients you have to completely earn their trust. They have to know for a certainty that whatever it is they say to you isn’t revealed to anyone else or even worse: written on the internet for everyone in the world to know and see.
Your office staff may not be completely aware of the importance of doctor patient confidentiality. They might think it’s not really a big deal which can make them take the issue lightly. So they might accidentally reveal patient information on the internet such as by posting it on twitter or facebook. They may also just tell others about your patients. This could be completely unintentional or it may be intentional if they know the patient on a personal level. If a patient finds out about this he or she may sue you or just leave you and find another doctor. In fact them simply finding another doctor would be the best case scenario as it deals the least damage to your practice and reputation. Even if they do stay, which is highly unlikely, it will be as if they’re gone because the trust between the two of you is no longer there. They will no longer share information with you and probably won’t adhere to your instructions.
HIPAA is the Health Insurance Portability and Accountability Act. It is United States legislation that came to life in 1996 in order to make sure that medical information remains secure and private. Clearly this act is more necessary now than ever due to the repeated and dangerous cyberattacks which can lead to the leakage of private medical information from insurance companies and medical providers. HIPAA has two main purposes. The first is to ensure that people who lose or change their job continue to have medical insurance coverage. The second is to limit the cost of healthcare by standardizing the electronic transmission of financial and administrative transactions. The HIPAA Privacy Rule also knows as the Standards for Privacy of Individually Identifiable Health Information sets the standards in the United States in order to protect a person’s personal or medical information. This rule requires doctors to inform patients of any entity that they share the patient’s health information with whether it’s for administrative or economic purposes. For instance you’re required to tell your patient that you’re sharing their medical information with an insurance company for instance. If you do this without informing them then it’s a HIPAA violation and there will be consequences for you. This of course applies to anyone you share a patient’s medical information with who has no right to know that information.
Information protected and covered by the HIPAA privacy rule includes:
-Patient’s name, address, date of birth, and SSN.
-Patient’s mental and/or physical health condition.
-Care provided to the patient
-Information regarding payment for the care provided to the patient
-Any information that may be used in order to identify the patient.
There plenty of consequences and penalties to those who violate the HIPAA Privacy Rule that will make you want to make sure your office staffs don’t release any medical information on the internet or elsewhere. Here are some of the minimum penalties:
-If you unknowingly violate HIPAA the penalty is 100$ per violation with a maximum of 25,000$ per year for repeated violations.
-If there’s a reasonable cause for violating HIPAA then the penalty is 1000$ per violation up to 100,000$ per year for repeated violations.
-If you neglect HIPAA willfully but correct the violation within a given time period the penalty is 10,000$ per violation up to 250,000$ per year for repeated violations.
-If you neglect HIPAA and don’t correct the violation then the penalty is 50,000$ per violations up to 1.5 million dollars per year for repeated violations.
Individuals and entities who obtain or disclose patient health information intentionally violating the HIPAA privacy rule can receive a penalty of up to 50,000$ and up to one year in prison. If the violation is done under false pretenses then the penalty can rise up to 100,000$ and 10 years in prison.
Certainly these penalties prove that patient confidentiality is no joke and should definitely be taken seriously. The consequences won’t just be the loss of the trust of your patients, but also financial fines and even up to jail time. So you definitely need to make sure that even your office staff don’t violate any HIPAA rules.
So how do you guarantee that your office staff realize the importance of patient privacy? It would be crazy to think you can keep following their social media accounts and read the things they post to make sure none of it is related to your patients. Not only is it a terrible waste of your time, but it’s also a violation of their privacy. You should make it clear to everyone through a meeting that patient privacy is very important and explain the consequences to them. It should also be clear that releasing patient information can get them fired. Other ways to achieve optimum patient security would be inserting medical patient data into the system yourself. You should also make it clear that you shouldn’t be interrupted while seeing a patient. This isn’t just for confidentiality reasons, but also to limit patient interruptions and make them feel more comfortable.
Even if there weren’t severe rules and legislation such as the HIPAA Privacy Rule to guarantee patient rights and that the information they share with their doctors remains protected, it’s still important for you as a physician to protect that information. A patient will tell his or her doctor things that they would never share with anyone else and they do it with complete trust. It would be devastating for them to later find out that the information they gave in confidence has been released on the internet for everyone in the world to see. It’s your job as a doctor to make people’s lives better and a privacy breach like that will definitely make a person’s life much worse.