Two trends have been rising in popularity in tandem: HIPAA compliance audits and social media. Obviously both of these are far too important to be correlated directly, but they do intersect with each other. Social media tends to push people toward oversharing, and that’s definitely something you don’t want when hosting regulated patient data.
Celebrity hospital visits
Under HIPAA’s privacy rule, a breach has occurred whenever patient information is accessed and shared by an employee unauthorized to access it and/or has no job-related reason to do so. So in addition to the hundreds of computer-based data security policies you need to design and implement, you also have to prevent employees from snooping on files inappropriately.
Most of the time there aren’t many reasons for an employee to go looking through medical files. But a great example of what these types of breaches look like involves Kanye West’s recent stay at the UCLA Medical Center. Because he is an international superstar, information on why Mr. West was admitted to the facility was in high demand.
Several employees ended up sneaking a look at his medical history and talking about it on social media, forcing the medical center to launch a breach investigation and eventually fire a number of individuals. It’s a great example of how HIPAA can affect our everyday lives, but what impact does it have on the average small- or medium-sized business?
Smalltown disclosures
Just mentioning someone has been admitted is enough to constitute a breach. For a more likely scenario, imagine you ran a clinic in a small town. You employed a high school senior as your receptionist and he or she helped a former teacher schedule a doctor’s appointment.
If the receptionist were to post about it on social media — or even just text a couple of his or her friends — that would constitute a data breach. Think about it: if that teacher’s appointment was for something embarrassing, students and fellow faculty knowing about it could result in quite a bit of “harm” to him.
IT solutions to avoid breaches
In addition to conducting multiple employee trainings per year, any HIPAA-compliant office should also implement:
- Exhaustive URL filtering to keep employees with company-provided workstations from accessing social media sites, messaging platforms, and anything that could lead to a breach.
- Thorough mobile device management solutions to keep employees from using their phones to disclose protected information while at work.
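In practice the URL filtering above is enforced by a web proxy or DNS filter, but whatever product is used, its matching rules need to be exact: a deny list that matches on substrings lets `facebook.com.example.org` through or blocks unrelated hosts, and one that ignores case, ports or trailing dots can be bypassed by trivially rewritten links. The following is an added example, not code from the original post or from any vendor, showing the hostname normalisation and suffix matching such a filter needs, plus the audit record an HHS auditor would expect to see for each decision. The deny list and workstation names are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample deny list: domain -> category. Every subdomain of a listed
# domain is also blocked; hosts that merely contain the string are not.
DENY_LIST = {
    "facebook.com": "social",
    "twitter.com": "social",
    "instagram.com": "social",
    "whatsapp.com": "messaging",
    "discord.com": "messaging",
}


def hostname_of(url: str) -> Optional[str]:
    """Normalise a URL (or bare host) to its lowercase hostname, or None if it has none."""
    if "://" not in url:
        url = "http://" + url          # accept bare "facebook.com/..." entries
    host = urlsplit(url).hostname      # drops userinfo and port, lowercases
    if host is None:
        return None
    return host.rstrip(".")            # "facebook.com." is the same host as "facebook.com"


def deny_category(url: str) -> Optional[str]:
    """Return the deny-list category for url, or None if the URL is allowed."""
    host = hostname_of(url)
    if host is None:
        return None
    labels = host.split(".")
    # Walk from the full host down to its shortest suffix:
    # "www.facebook.com" -> "facebook.com" -> "com". Only whole-label suffixes
    # are compared, so "notfacebook.com" and "facebook.com.example.org" never match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DENY_LIST:
            return DENY_LIST[candidate]
    return None


def check_request(workstation: str, url: str) -> dict:
    """Decide ALLOW/BLOCK for one request and return the record to write to the audit log."""
    category = deny_category(url)
    return {
        "workstation": workstation,
        "host": hostname_of(url),
        "decision": "BLOCK" if category else "ALLOW",
        "category": category,
    }


def audit_line(record: dict) -> str:
    """Render a check_request() record as a single log line for the compliance log."""
    return "workstation={workstation} host={host} decision={decision} category={category}".format(**record)


if __name__ == "__main__":
    # Constructed sample requests from a front-desk workstation.
    for url in ("https://www.facebook.com/photo",
                "https://facebook.com.example.org/",
                "FACEBOOK.COM./login",
                "https://ehr.internal.example/patients"):
        print(audit_line(check_request("reception-ws01", url)))
```

The suffix walk is what makes the list "exhaustive" in the sense the post intends: adding one domain covers every subdomain, and the normalisation step means case, ports, credentials in the URL and trailing dots do not change the decision. The audit record is kept separate from the decision so the same log format can be fed to whatever SIEM or review process the practice uses.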
As HIPAA experts, we know the most efficient route to reliable compliance. HHS audits are on the rise, and you need an IT consultant that leaves you feeling confident in your ability to weather whatever comes your way. For more information about our compliance services, call us today.