Creating a balance between your social and work life often a challenge to many employees. People find themselves posting work-related things on their social media pages without considering the consequences of their actions to the clients, organizations, or their careers. Sharing Protected Health Information (PHI), including a patient’s medical history, demographic data, insurance information, test results, violate the HIPAA Privacy Rule that protects rights against sharing personal health information held by covered entities (Carlson & Mandel, 2017). Under the provisions of the HIPAA Privacy Rule, the disclosure of PHI is permitted for patient care and other important purposes, not sharing on social media.
The person that shared the information happens to be my friend. However, as a shift supervisor, I am required to exercise impartiality when handling work-related issues. Therefore, I believe that the organization has structures used to handle similar cases. The first thing would be to report the colleague to the nurse-in-charge and allow an investigation (Services, 2013). Disciplinary measures must be taken against the nurse for violating HIPAA. According to the provisions of the rules, willful violation of the rules, including using PHI to cause harm or intentional theft of PHI for personal gain, can result in criminal penalties.
After assessing the level of the breach and the extent to which the nurse violated the privacy rule, I would work with the person responsible for HIPAA compliance and provide necessary disciplinary action to the patient. To avoid similar issues in the future, I would recommend continuous medical education for the staff members to ensure people review the HIPAA rules governing sharing PHI (Drolet et al., 2017). They should also learn how to use their social media pages to avoid malicious or unintentional violation of policies that might risk their safety and that of their patients.
References:
Carlson, S. F., & Mandel, J. R. (2017). Commentary on “Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance.” In Journal of Hand Surgery (Vol. 42, Issue 6, pp. 417–419). W.B. Saunders. https://doi.org/10.1016/j.jhsa.2017.04.014
Drolet, B. C., Marwaha, J. S., Hyatt, B., Blazar, P. E., & Lifchez, S. D. (2017). Electronic communication of protected health information: privacy, security, and HIPAA compliance. J Hand Surg Am, 42, 411–416.
Services, U. S. D. of H. & H. (2013). Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act. Fed Regist, 78, 5565–5702.
