Employers that are covered entities under HIPAA (including dentists and management groups) face direct liability for the acts of their employees and affiliates that run afoul of HIPAA. At least since HIPAA’s Privacy Rule was issued in 2002, there have been severe penalties for using or disclosing individually identifiable health information without written authorization. Groups must always be mindful of how they are treating the personal, financial or medical information that could be used to identify the person or the fact that he or she is a patient (such information under HIPAA is called “Protected Health Information” or “PHI”). When delving into the world of social media, dentists, dental practices, DSOs, and all employees need to be aware of the best practices and the pitfalls of using social media to protect against unintended distribution of PHI.
1. All organizations should establish a social media policy. This includes giving your employees, independent contractors, consultants and patients your organization’s guidelines about what social media can and cannot be used, both personally and professionally. Company policies should include HIPAA guidelines and give examples of the kinds of statements that would run afoul of HIPAA. For example, posting on a patient’s Facebook page, “It was great to see you for your procedure today! – from Dr. Pat” can be problematic.
2. Companies should regularly monitor social media sites, in addition to privacy and security settings.
3. All employees should acknowledge receiving and reading the company’s social media policies.
4. Photos are also subject to HIPAA regulations. Patient photos should not be posted or disclosed to the public without proper written patient au