
Pokémon Go Could Lead to HUGE HIPAA Fines

Have you heard about the latest craze?  Pokémon Go.

So what is it?  Well, imagine taking cartoon characters and putting them in the middle of the real world as you look through the camera on your cell phone.  Start playing the game, and as you “go,” the Pokémon characters appear wherever you are.  You collect them, battle, earn points, etc.  Everything you would expect from a game.

So how does this relate to HIPAA and HUGE FINES?

The issue really isn’t with your patients playing the game.  It has to do with your medical staff playing.  Let me share what could get you in hot water with the Office for Civil Rights (OCR), the group that enforces HIPAA compliance.

It’s a normal day in the office playing Pokémon Go…

One of your staff is playing Pokémon Go as they are walking along the corridors of your practice or hospital.  Let’s assume they’re on break.  They decide to take a screenshot of the character they just found and post it on their Facebook page or Instagram.  Everyone will be impressed with who they just found.

(Characters shown on screen while walking through a park)

 

What they don’t see is what’s behind the character in the background.  There is a patient who is in a wheelchair waiting in the hall to see a doctor.  There is another patient coming out of a room.  And then on the side of the door is a patient’s medical folder where you can make out their last name.  Seems pretty harmless, except it’s a HIPAA violation.

The full faces of the patients, as well as the last name, are considered PHI (Protected Health Information), and releasing that information requires permission.  No permission means you’re in violation, and all it takes is for someone to see the picture online and report it anonymously through OCR’s website.  Just imagine what else OCR will find when they come to look at your practice.

Can’t happen?

You might want to talk to Complete P.T., Pool & Land Physical Therapy, of Los Angeles.  Back in 2012, one of their patients complained about having their face on the practice’s website without their permission (think picture on Facebook / Instagram).  The patient filed a complaint with OCR, and 2 years later, the practice owed a $25,000 fine and was under the watchful eye of the government for a year.

Simple mistake with an expensive consequence.

Our recommendation?  Send out a bulletin or memo to your staff informing them of the possible HIPAA violations from “accidentally” releasing Protected Health Information when playing Pokémon Go.  Also, to protect both your patients’ privacy and the practice, prohibit playing Pokémon Go on the premises (including the parking lot, where staff may accidentally capture a license plate).  Finally, if you haven’t discussed your social media policy and HIPAA requirements recently, now would be a good time.

Protecting your practice is up to you, but we’re here to help you with your HIPAA Compliance if you need us.

Call today at 336-303-1730 x1002 to discuss your HIPAA-Compliance issues.

Ron Pierce
