There’s no doubt that social media has become a significant part of everyday life, with users of all ages taking to it. It has also been incorporated more into workplace culture. Companies sometimes encourage employees to promote brands on social media.
For nurses, social media can be advantageous in several ways. It provides nurses with a forum to:
- Connect with the community
- Share health tips
- Attract new patients
- Announce new services offered
- Update the community on critical topics, such as COVID-19
However, nurses risk potential HIPAA violations when posting on social media. A nursing program, like the online Registered Nurse (RN) to Bachelor of Science in Nursing (BSN) from Arkansas State University (A-State), can give students the foundational knowledge needed to act mindfully in their roles and utilize social media and technology without violating patient rights.
Keeping Up With Change
When the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, social media was nonexistent. Smartphones came much later. Those who wrote the HIPAA parameters had no idea how the patient privacy landscape would change in the following decades.
Healthcare leaders and organizations must prioritize HIPAA-compliant social media use among entities covered by the act, their business associates and employees. The following seven examples represent how nurses can avoid a HIPAA violation based on social media:
1. Maintain Complete Anonymity
At the heart of HIPAA is patient privacy. It’s unlikely that nurses would intentionally reveal a patient’s identity in a social media post, but they need to be hyper-aware of the information they’re sharing to avoid “oops” moments that can cost them their job or even their license.
The National Council of State Boards of Nursing (NCSBN) provides an example in its handbook, A Nurse’s Guide to the Use of Social Media. A young nurse requested permission to photograph her young leukemia patient. She wanted to publicly express her pride in being a nurse. Unfortunately, she inadvertently left the patient’s room number visible in the photo, and the hospital was charged with a HIPAA violation.
The rule of thumb should be to avoid sharing details that could lead to patient identification, such as name, nickname, condition/diagnosis or room number.
2. Obtain Valid Consent
In the above example, the nurse did request permission from the patient, which is the right step. It is important to note that nurses should always get written consent from their patients if they intend to share on social media. That consent must be from the patient — not a relative, partner/spouse or friend.
3. Adhere to Social Media Policies
Every healthcare institution must have a clear social media policy, with regular reviews and updates as social media continues to evolve. Periodic dissemination of the policy to all staff — from reception and back-office staff to nurses and C-suite executives — is crucial. Ideally, nurses should receive training on the policy before they start working for a healthcare facility.
4. Understand the Permanence of Social Media
A common misunderstanding is that deleting a post means there is no harm done. Even if a post is up for mere seconds and then removed, it still exists online. Beyond screenshots captured in the brief moments a questionable post is up, it has a trackable digital footprint. Per NCSBN’s guide, “The moment something is posted, it lives on a server that can always be discoverable in a court of law.”
In addition, even if you’re sharing posts within a private group, you would still be breaking the law if the post or any comments contained HIPAA-violating information.
5. Use Professional Devices, Not Personal Ones
While some social media policies may allow nurses to record videos or take photos on their personal devices, NCSBN says it’s best to stick to employer-provided devices. This also helps preserve the professional boundaries nurses should already be maintaining with their patients. Any online contact or communication should never blur the lines between professional and personal.
6. Keep Thoughts to Yourself
HIPAA violations don’t just occur when a nurse posts something of their own accord. Comments and replies to someone else’s post, chat room gossip (even if it’s a private room) or leaving a review on a site like Yelp opens the door for potential HIPAA violations. The best advice is to keep thoughts about your patients to yourself.
7. Always Err on the Side of Caution
Sharing patient success stories or professional wins can be tempting, but it is not worth risking a violation — and ultimately your career.
Nurses are routinely fired for flouting HIPAA’s parameters, even unintentionally. That mark on your record can sully your career for the long term. Some nurses have lost their license and even faced criminal charges.
So, before posting or sharing anything, ask yourself: Is this really worth it?
Stay HIPAA-Mindful Always
Nurses learn about the importance of HIPAA throughout their education and training. They must consider every principle that applies to their daily patient care responsibilities — such as maintaining electronic health records or disclosing details to the appropriate people — when sharing social media posts. By keeping these best practices in mind every time you’re about to hit “post,” you’re safeguarding yourself and your employer from potential legal action.
A-State’s online RN to BSN program curriculum includes courses like Nursing Leadership and Professional Nursing Practice. While not explicitly focused on social media, these courses address ways nurses can employ managerial and leadership behaviors and practices that inform professional decorum, including responsible social media use.
Learn more about A-State’s online Registered Nurse to Bachelor of Science in Nursing program.