Anna Allen MSN, RN, CPEHR, CPHIT NCMIC GROUP, Inc.



Similar documents
How To Tell Someone You Are An Hiv Or Aids Positive

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

Keeping a Finger on the Pulse of Social Media in Healthcare: Understanding Evolving Roles and Risks

HIPAA Privacy and Security. Rochelle Steimel, HIPAA Privacy Official Judy Smith, Staff Development January 2012

Social Media. The Good, The Bad, The Really Ugly

Lake County Schools GUIDELINES FOR EMPLOYEE USE OF SOCIAL MEDIA NETWORKS. Introduction

Policy and Procedure for Internet Use Summer Youth Program Johnson County Community College

GONZABA MEDICAL GROUP PATIENT REGISTRATION FORM

PHI- Protected Health Information

ACKNOWLEDGEMENT OF RECEIPT OF WESTERN DENTAL S NOTICE OF PRIVACY PRACTICE

Human Resources Policies and Procedures

Health Information Privacy Refresher Training. March 2013

Privacy Compliance Health Occupations Students

ELECTRONIC HEALTH RECORDS

SOCIAL MEDIA GUIDELINES FOR SCHOOLS

Keweenaw Holistic Family Medicine Patient Registration Form

Susan Childs, RN, BSN, CPHRM Dayton Children s Hospital Liz Stock, Esq. Bricker & Eckler LLP Chris Bennington, Esq. INCompliance Consulting

abc Information Security and Privacy Training Report

New Privacy Laws Impacting the Health Care Work Place

Department of Health and Human Services Policy ADMN 004, Attachment A

UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14

HIPAA and Privacy Policy Training

PROTECTING PATIENT PRIVACY and INFORMATION SECURITY

A Nurse s Guide to the Use of Social Media

MINNETONKA PUBLIC SCHOOLS

MCCP Online Orientation

This presentation focuses on the Healthcare Breach Notification Rule. First published in 2009, the final breach notification rule was finalized in

SOCIAL MEDIA & DIGITAL MARKETING POLICIES AND PROCEDURES

Social Media And the Workplace. Scott Patterson Labor and Employment Attorney Butzel Long

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

HEALTH CARE RIGHTS AND TRANSGENDER PEOPLE March 2012

NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019

DISCLAIMER. HIPPAA Notice of Privacy. HIPAA Notice of Privacy Practices Printable PDF. Effective November 1, 2015

A A E S C. Albuquerque Ambulatory Eye Surgery Center NOTICE OF PRIVACY PRACTICES

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

We are required to provide this Notice to you by the Health Insurance Portability and Accountability Act ("HIPAA")

MANDATORY REPORTING LAWS & RULES

Policy. Social Media Acceptable Use Policy. Executive Lead. Review Date. Low

HIPAA Violations Incur Multi-Million Dollar Penalties

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

HIPAA Orientation. Health Insurance Portability and Accountability Act

YU General Guidelines for Use of Social Media

How To Use Social Media To Help Your Business

Social Media in the Workplace OMG!

HIPAA and the HITECH Act Privacy and Security of Health Information in 2009

HIPAA Notice of Privacy Practices

HIPAA Privacy & Security Training for Clinicians

Reproductive Medicine Associates of New Jersey, LLC

Salisbury Township School District Guidelines for Guiding Staff, Students and Parents in Use of Social Media

Protecting Patient Privacy It s Everyone s Responsibility

Notice of Health Information Privacy Practices Radiology Associates of Norwood, Inc.

HIPAA Training for the MDAA Preceptorship Program. Health Insurance Portability and Accountability Act

Effective Date: March 23, 2016

Annual Compliance Training. HITECH/HIPAA Refresher

Managing Social Media Employment Issues

HIPAA MANUAL. Most health plans and health care providers that are covered by the new Rule must comply with the new requirements by April 14, 2003.

Virginia South Psychiatric & Family Services

HIPAA RULES AND REGULATIONS

Model Policy for a Law Enforcement Agency s use of Social Networking

Terms Of Service. "The Company" means CIT Broadband, P.O. Box , Fort Worth, TX

Huseman Health Law Group

Social media through the employment lens. Sara Barrett Partner, Mills & Reeve. Deborah Coyne Principal Associate, Mills & Reeve

Social Media In the Workplace

HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013

GUIDELINES FOR THE USE OF SOCIAL MEDIA. January 2010

JEWISH FAMILY SERVICE NOTICE OF PRIVACY PRACTICES

Patient Privacy and HIPAA/HITECH

Transcription:

Anna Allen MSN, RN, CPEHR, CPHIT NCMIC GROUP, Inc. Disclaimer: The views and opinions expressed in this presentation are solely those of the author NCMIC does not set practice standards We offer this only to educate and inform Email should be answered within 24 hours Phone call returned within 8 hours Social networking sites lowest priority-no set response time Email and/or phone call is seeking specific questions. Social networking wide-open forum (for all to view) & communication is less targeted at one individual 1

Face to Face careful about the volume and nature of the information disclosed Internet not so careful. Lack of awareness or obliviousness about who will view. Millions of unknown users may stumble upon the information. Potential negative consequences that can flow from students knowing more about you than is prudent Presenting material clearly in person, reacting to them in clinic personally and being available for discussion Using blogs or podcasts cannot replace YOU! Staff member letting off steam Venting about anonymous patient 2

Not exactly as it sounds Any contact; stranger, spammer, friend, enemy, family member or lover, etc, asking to add you to their list or address book (contact) Simply a request to form a network connection between your profile and theirs Be clear about your professional boundaries upfront with your staff Staff may not think about the complications you face with them being your patient s friend, so talking with them openly can illustrate your point Crucial component of keeping your private life private Allow staff and patients to see only limited information 3

NCMIC Copyright 2013 NCMIC Copyright 2013 NCMIC Copyright 2013 4

George Washington University and Johns Hopkins University Findings 78 medical schools responded; 60% reported violations of patient confidentiality, profanity, discriminatory language, depiction of intoxication or illicit substance use, sexually suggestive material and neg comments about the professors or patients. 62% of medical schools have no professionalism policy for student posting online content 11% of Deans stated they were developing policies 50% said they were going to update existing policies As of October 2011 575 You Tube channels (compared to 398 in August 2010) 1068 Facebook pages (compared to 631 in August 2010) 814 Twitter accounts (compared to 634 in October 2010) 149 Blogs (compared to 87 in August 2010) Patients now can stay informed, have more control over their own healthcare and learn from experts at their own pace 5

Two people in a relationship/trust is not necessarily identical in both directions Two people will trust in differing amounts due to; experiences, psychological backgrounds, and histories Employees typically state they trust their supervisors more than the supervisors trust the employees-seen in a variety of hierarchies Virtual Communities Face book; >800 million registered users Created 6 years ago > 54 billion page views/daily. >250,000 new registrations per day Average user has 130 friends More than 7 million apps and websites are integrated with Facebook Twitter; >100 million active users 50 million tweet daily Planning to add 26 million new users before 12/31/2012 Personal page or website (called profile) Photographs, text, user s picture, likes, dislikes, interests, blog entries, geographic location, gender, links to profiles of other friends, name, address, telephone number, email address, etc. Varying degrees of privacy or total lack of 6

Two in five Facebook profiles reveal information that can be used to set up bank accounts. Beware of Identify Theft risk!!!!!!!! 2014 More than 220,000 users Patient voluntarily & publicly revealing protected health information Currently tracking more than 2,000 diseases Popularity on the rise www.patientslikeme.com Conditions; bipolar, ALS, MS, ADHD, depression, HIV, etc. Treatment protocols, age, pictures, time they have had condition, etc. Over 1million tx. & symptom reports Of the 74% of adults who use the internet; 80% of internet users have looked online for information about health related topics 34% of internet users, or 25% of adults, have read someone else s commentary or experience about health or medical issues on an online news group, website, or blog 24% of internet users, or 18% of adults, have consulted online reviews of particular drugs or other healthcare treatments 7

Employers increasingly using job applicants social networking profiles to supplement job applications Individuals see junk as a joke to be only viewed by friends, prospective employers are another story Employers need to tread carefully it making an employment decision based on profiles Almost 30% of job applicants denied employment when potential employers discovered information about them posted over the internet Parker K.: Web Warning for Youths: Employers are Watching Real Clear Politics, March 9 th, 2007. Increases employee communication Recruiting new employees 8

Liability for disclosure of confidential information Liability for harassment or discrimination Dissemination of confidential or proprietary information 9

Patient s view physicians on a professional basis not a friendship Once you send you can t UNSEND WayBackMachine http://archive.org All attorneys are aware this site exists and use it everyday they can in the court room 10

HITECH Act Breach (HHS and FTC) the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an authorized person to whom such information is disclosed would not reasonably have been able to retain such information If posted online, retained forever Not covered by any of the breach exceptions Online personal journals Easy to be created and maintained Fast and accessible, can consolidate information into a single page >170,000 new entries daily Micro-blogging service Allows members to report on what they re seeing, thinking, and feeling by posting comments no longer than 140 characters each You subscribe to someone s twitter feed called tweets 11

Some companies encourage employee blogging as a marketing tool Dissemination of company information whether intentionally or unintentionally Employees posting negative views or criticisms Delta employee fired after her employer discovered that she had posted suggestive pictures of herself in her Delta uniform on her personal blog 15% have official policies addressing employee blogging Some employers feel new policies are unnecessary due to current external communication policies in place Anonymous blogging Disclosure of sensitive financial information/company product information Harassment of fellow employees/students Many companies use a secure site for the employees to list their blogs for approval and then the employer publishes 12

Lack of security offered both by sites and electronic devices PHI duty to protect regardless if spoken gossip, a misplaced chart, an overheard hallway consultation, a lost laptop, in a chat room, a Tweet or a Facebook posting Users share personal info regarding their daily lives, hit SEND, without thinking about the ramifications Shark victim in Hawaii suing for HIPAA violation following staff posting photos of his severely shark bitten leg on the internet HIPAA News, Shark Attack Victim Suing Hospital for HIPAA Violations. Sept. 22, 2010. http://hipaanews.net/archives 13

Posted to Facebook: CA 60 year old male stabbed 16 times in the neck by nursing home roommate. EMS and ER personnel posted the photos. Cawley-Jean, N. Why is it so hard for hospital staff to follow HIPAA rules when using social media? August12, 2010 Federal Prosecution Pennsylvania 2010 Employee of Shadyside Hospital selling PHI for personal gain (names, DOB, ss#) 14 count indictment HIPAA Possible punishment: 80 years, $4,730,000.00 or both November 2 nd, 2011 Psychiatrist on trial for disclosing PHI without authorization Patient treated by psychiatrist Patient complains about psychiatrist Psychiatrist finds out and tells her employer to put her on a psychiatric hold 14

Certified nursing assistant took a picture of a paraplegic patient in a compromising position CNA says to her co-worker; This is too funny. I need to take a picture of this Coworker: Please don t take the picture. Coworker notices picture on Facebook wall. Reports to employer (as required under HIPAA/HITECH) CNA fired, arrested and facing voyeurism charges Boston Globe 2011 Westerly Hospital fired a doctor for posting information about a patient on her Facebook account Board reprimanded unprofessional conduct Did not mention the patient s name, but the board concluded revealed enough for others to identify the patient December 2009 Governor Tweeted: Glad the Legislature recognizes our dire fiscal situation. Look forward to hearing their ideas on how to trim expenses RN tweeted back: Schedule regular medical exams like everyone else instead of paying UMC employees overtime to do it when clinics are usually closed RN indirectly referenced PHI 15

Nurse fired (Des Moines Register, 2010) because using Facebook to exchange information about a patient with another health professional without consent No name, but enough information to identify the patient How to set boundaries online? Throughout your staff s years in your clinic, why would you want to be; Their friend Their online buddy As their employer the boundaries are firmly set 16

How should employees use electronic communications in their official capacity? Views differ as to whether teachers and students should interact on these sites Having a school or class-room related Facebook page could be a way for instructors to use professionally Doctors banning staff from using social media sites on practice owned computers. Some recommend staff not friend patients but no formal document. Normally, doctors are in a reactive mode rather than an active mode Establish written policies re; security of information, include policies on photos and social networking sites Include policies prohibiting against posting of clinic business or day-to-day clinic issues. Strong orientation program for new hires and new associates 17

Post security reminders in areas around the clinic Inform all personnel/students of the consequences of violating the policies Make it clear that the business systems and company-issued equipment maybe used only for lawful and appropriate business purposes Identify appropriate business use and incorporate into guidelines and policy Be sure that employees understand employer has a right to inspect and confiscate any devices issued to or used by employees Require signed employee/student acknowledgement of receipt of policy Update Confidentiality Policies Update annual HIPAA training to include SN Address staff access to SN sites during working hours, including access via the office PC or an e-device for personal or practice-related purposes Document training and have staff initial completion 18

Think very carefully before posting Postings can be discovered by others and disseminated to millions Invasion of privacy Be careful making negative reference to coworkers Check your privacy settings on social networks Remember doctors are held to higher standards of personal conduct than other groups in society Malpractice allegation? Don t talk about it on a social networking site. Remember any social networking site can be used against you in any litigation and displayed on a large screen before a jury in court. 19

To protect your patients rights To instill professionalism throughout your enterprise To protect your organization from liability To protect your employees from liability If the doctor or organization does not know that employees are posting PHI but knows of the popularity of social networking websites and that its employees use such websites; Under Proposed HIPAA changes may be willful neglect if no policies and procedures are in place In the HIPAA proposed rule, HHS focused on lack of policies and procedures Hand out to patients during their first assessment with the doctor Describe whether you accept patient email, and social networking friend status Consistency patient s are not a professional s friend Fiduciary Responsibility 20

Friend blurs the patient s distinction between physician/patient/friend Tell all patients; policy not to friend current or former patients out of respect for the physician/patient relationship and to safeguards the patients confidentiality Spell out how often you will be online Be vigilant to maintain stated online schedule Go online frequently to maintain the conversation string Don t respond in a timely fashion; could lead to allegation of delayed treatment or diagnosis Best to avoid giving online advice Are you violating doctor/patient confidentiality Social networks do not report who views the information People may not always be clear or aware of what information is available to the public or their friends list, and what information is private 21

University of PA studied 271 medical blogs and found: Individual pts describe in 42.1% of blogs Positive pt portrayal 15.9% & negatively in 17.7% PHI to identify patient in 16.6% of blogs Three blogs had pt. photographs Healthcare products promoted in 11.4% http://sharing.mayoclinic.org/guidelines http://mc.vanderbilt.edu/root/vumc.php?site =socialmediatoolkit http://socialmediagovernance.com/policies.p hp (this site has 174 policies available) 22