Anna Allen MSN, RN, CPEHR, CPHIT NCMIC GROUP, Inc.

Anna Allen MSN, RN, CPEHR, CPHIT NCMIC GROUP, Inc. Disclaimer: The views and opinions expressed in this presentation are solely those of the author NCMIC does not set practice standards We offer this only to educate and inform Email should be answered within 24 hours Phone call returned within 8 hours Social networking sites lowest priority-no set response time Email and/or phone call is seeking specific questions. Social networking wide-open forum (for all to view) & communication is less targeted at one individual 1

Face to Face careful about the volume and nature of the information disclosed Internet not so careful. Lack of awareness or obliviousness about who will view. Millions of unknown users may stumble upon the information. Potential negative consequences that can flow from students knowing more about you than is prudent Presenting material clearly in person, reacting to them in clinic personally and being available for discussion Using blogs or podcasts cannot replace YOU! Staff member letting off steam Venting about anonymous patient 2

Not exactly as it sounds Any contact; stranger, spammer, friend, enemy, family member or lover, etc, asking to add you to their list or address book (contact) Simply a request to form a network connection between your profile and theirs Be clear about your professional boundaries upfront with your staff Staff may not think about the complications you face with them being your patient s friend, so talking with them openly can illustrate your point Crucial component of keeping your private life private Allow staff and patients to see only limited information 3

NCMIC Copyright 2013 NCMIC Copyright 2013 NCMIC Copyright 2013 4

George Washington University and Johns Hopkins University Findings 78 medical schools responded; 60% reported violations of patient confidentiality, profanity, discriminatory language, depiction of intoxication or illicit substance use, sexually suggestive material and neg comments about the professors or patients. 62% of medical schools have no professionalism policy for student posting online content 11% of Deans stated they were developing policies 50% said they were going to update existing policies As of October 2011 575 You Tube channels (compared to 398 in August 2010) 1068 Facebook pages (compared to 631 in August 2010) 814 Twitter accounts (compared to 634 in October 2010) 149 Blogs (compared to 87 in August 2010) Patients now can stay informed, have more control over their own healthcare and learn from experts at their own pace 5

Two people in a relationship/trust is not necessarily identical in both directions Two people will trust in differing amounts due to; experiences, psychological backgrounds, and histories Employees typically state they trust their supervisors more than the supervisors trust the employees-seen in a variety of hierarchies Virtual Communities Face book; >800 million registered users Created 6 years ago > 54 billion page views/daily. >250,000 new registrations per day Average user has 130 friends More than 7 million apps and websites are integrated with Facebook Twitter; >100 million active users 50 million tweet daily Planning to add 26 million new users before 12/31/2012 Personal page or website (called profile) Photographs, text, user s picture, likes, dislikes, interests, blog entries, geographic location, gender, links to profiles of other friends, name, address, telephone number, email address, etc. Varying degrees of privacy or total lack of 6

Two in five Facebook profiles reveal information that can be used to set up bank accounts. Beware of Identify Theft risk!!!!!!!! 2014 More than 220,000 users Patient voluntarily & publicly revealing protected health information Currently tracking more than 2,000 diseases Popularity on the rise www.patientslikeme.com Conditions; bipolar, ALS, MS, ADHD, depression, HIV, etc. Treatment protocols, age, pictures, time they have had condition, etc. Over 1million tx. & symptom reports Of the 74% of adults who use the internet; 80% of internet users have looked online for information about health related topics 34% of internet users, or 25% of adults, have read someone else s commentary or experience about health or medical issues on an online news group, website, or blog 24% of internet users, or 18% of adults, have consulted online reviews of particular drugs or other healthcare treatments 7

Employers increasingly using job applicants social networking profiles to supplement job applications Individuals see junk as a joke to be only viewed by friends, prospective employers are another story Employers need to tread carefully it making an employment decision based on profiles Almost 30% of job applicants denied employment when potential employers discovered information about them posted over the internet Parker K.: Web Warning for Youths: Employers are Watching Real Clear Politics, March 9 th, 2007. Increases employee communication Recruiting new employees 8

Liability for disclosure of confidential information Liability for harassment or discrimination Dissemination of confidential or proprietary information 9

Patient s view physicians on a professional basis not a friendship Once you send you can t UNSEND WayBackMachine http://archive.org All attorneys are aware this site exists and use it everyday they can in the court room 10

HITECH Act Breach (HHS and FTC) the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an authorized person to whom such information is disclosed would not reasonably have been able to retain such information If posted online, retained forever Not covered by any of the breach exceptions Online personal journals Easy to be created and maintained Fast and accessible, can consolidate information into a single page >170,000 new entries daily Micro-blogging service Allows members to report on what they re seeing, thinking, and feeling by posting comments no longer than 140 characters each You subscribe to someone s twitter feed called tweets 11

Some companies encourage employee blogging as a marketing tool Dissemination of company information whether intentionally or unintentionally Employees posting negative views or criticisms Delta employee fired after her employer discovered that she had posted suggestive pictures of herself in her Delta uniform on her personal blog 15% have official policies addressing employee blogging Some employers feel new policies are unnecessary due to current external communication policies in place Anonymous blogging Disclosure of sensitive financial information/company product information Harassment of fellow employees/students Many companies use a secure site for the employees to list their blogs for approval and then the employer publishes 12

Lack of security offered both by sites and electronic devices PHI duty to protect regardless if spoken gossip, a misplaced chart, an overheard hallway consultation, a lost laptop, in a chat room, a Tweet or a Facebook posting Users share personal info regarding their daily lives, hit SEND, without thinking about the ramifications Shark victim in Hawaii suing for HIPAA violation following staff posting photos of his severely shark bitten leg on the internet HIPAA News, Shark Attack Victim Suing Hospital for HIPAA Violations. Sept. 22, 2010. http://hipaanews.net/archives 13

Posted to Facebook: CA 60 year old male stabbed 16 times in the neck by nursing home roommate. EMS and ER personnel posted the photos. Cawley-Jean, N. Why is it so hard for hospital staff to follow HIPAA rules when using social media? August12, 2010 Federal Prosecution Pennsylvania 2010 Employee of Shadyside Hospital selling PHI for personal gain (names, DOB, ss#) 14 count indictment HIPAA Possible punishment: 80 years, $4,730,000.00 or both November 2 nd, 2011 Psychiatrist on trial for disclosing PHI without authorization Patient treated by psychiatrist Patient complains about psychiatrist Psychiatrist finds out and tells her employer to put her on a psychiatric hold 14

Certified nursing assistant took a picture of a paraplegic patient in a compromising position CNA says to her co-worker; This is too funny. I need to take a picture of this Coworker: Please don t take the picture. Coworker notices picture on Facebook wall. Reports to employer (as required under HIPAA/HITECH) CNA fired, arrested and facing voyeurism charges Boston Globe 2011 Westerly Hospital fired a doctor for posting information about a patient on her Facebook account Board reprimanded unprofessional conduct Did not mention the patient s name, but the board concluded revealed enough for others to identify the patient December 2009 Governor Tweeted: Glad the Legislature recognizes our dire fiscal situation. Look forward to hearing their ideas on how to trim expenses RN tweeted back: Schedule regular medical exams like everyone else instead of paying UMC employees overtime to do it when clinics are usually closed RN indirectly referenced PHI 15

Nurse fired (Des Moines Register, 2010) because using Facebook to exchange information about a patient with another health professional without consent No name, but enough information to identify the patient How to set boundaries online? Throughout your staff s years in your clinic, why would you want to be; Their friend Their online buddy As their employer the boundaries are firmly set 16

How should employees use electronic communications in their official capacity? Views differ as to whether teachers and students should interact on these sites Having a school or class-room related Facebook page could be a way for instructors to use professionally Doctors banning staff from using social media sites on practice owned computers. Some recommend staff not friend patients but no formal document. Normally, doctors are in a reactive mode rather than an active mode Establish written policies re; security of information, include policies on photos and social networking sites Include policies prohibiting against posting of clinic business or day-to-day clinic issues. Strong orientation program for new hires and new associates 17

Post security reminders in areas around the clinic Inform all personnel/students of the consequences of violating the policies Make it clear that the business systems and company-issued equipment maybe used only for lawful and appropriate business purposes Identify appropriate business use and incorporate into guidelines and policy Be sure that employees understand employer has a right to inspect and confiscate any devices issued to or used by employees Require signed employee/student acknowledgement of receipt of policy Update Confidentiality Policies Update annual HIPAA training to include SN Address staff access to SN sites during working hours, including access via the office PC or an e-device for personal or practice-related purposes Document training and have staff initial completion 18

Think very carefully before posting Postings can be discovered by others and disseminated to millions Invasion of privacy Be careful making negative reference to coworkers Check your privacy settings on social networks Remember doctors are held to higher standards of personal conduct than other groups in society Malpractice allegation? Don t talk about it on a social networking site. Remember any social networking site can be used against you in any litigation and displayed on a large screen before a jury in court. 19

To protect your patients rights To instill professionalism throughout your enterprise To protect your organization from liability To protect your employees from liability If the doctor or organization does not know that employees are posting PHI but knows of the popularity of social networking websites and that its employees use such websites; Under Proposed HIPAA changes may be willful neglect if no policies and procedures are in place In the HIPAA proposed rule, HHS focused on lack of policies and procedures Hand out to patients during their first assessment with the doctor Describe whether you accept patient email, and social networking friend status Consistency patient s are not a professional s friend Fiduciary Responsibility 20

Friend blurs the patient s distinction between physician/patient/friend Tell all patients; policy not to friend current or former patients out of respect for the physician/patient relationship and to safeguards the patients confidentiality Spell out how often you will be online Be vigilant to maintain stated online schedule Go online frequently to maintain the conversation string Don t respond in a timely fashion; could lead to allegation of delayed treatment or diagnosis Best to avoid giving online advice Are you violating doctor/patient confidentiality Social networks do not report who views the information People may not always be clear or aware of what information is available to the public or their friends list, and what information is private 21

University of PA studied 271 medical blogs and found: Individual pts describe in 42.1% of blogs Positive pt portrayal 15.9% & negatively in 17.7% PHI to identify patient in 16.6% of blogs Three blogs had pt. photographs Healthcare products promoted in 11.4% http://sharing.mayoclinic.org/guidelines http://mc.vanderbilt.edu/root/vumc.php?site =socialmediatoolkit http://socialmediagovernance.com/policies.p hp (this site has 174 policies available) 22