I don’t want to use this blog as a pulpit against social media or smart phones, but it is sometimes hard to believe the things people do. It is like the minute some people have a phone in their hand, all sense of reasonableness or rational thought goes out the window. In the world of health care, HIPAA is the one law that every employee can violate, and, as the cases described below illustrate, it can be violated in a big way.
In September, a VA employee used Twitter to post a photo of a patient’s preoperative anesthesia chart notes. The patient was 72 years old and was undergoing penile implant surgery. The employee captioned the photo “72 y/o male gets government funded surgery” followed with a suggestive emoji. While the veteran’s name was not included in the photo, the photo did include handwritten notations of heart rate, blood pressure, temperature and mental status.
In a second case, an employee of Jackson Health System in Florida posted to social media a photo and comments about a baby being treated in the neonatal ICU for gastroschisis which is a condition where a baby’s intestines are exposed. Along with the photo, the employee included captions that read: “My night was going great then boom!” and “Your intestines posed to be inside not outside baby!”
In both of these situations, health care employees who had received HIPAA Privacy Rule training completely ignored that training, and any sense of decency, and felt the world needed to see this very private and personal information. Were either of these two people thinking about HIPAA? Of course not. But should they have been thinking about HIPAA? Absolutely! Both of these individuals were fired, and there is a very high probability their former employers will pay sizable fines for their actions.
With the advent of smart phones and social media, it seems filters have gone the way of buggy whips and cars without seatbelts, they rarely exist anymore. The importance of effective regular HIPAA privacy training cannot be overstated.