Privacy, Security, and Confidentiality
To recap, “The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge” (Centers for Disease Control and Prevention, n.d., para 1). Furthermore, state privacy laws reinforce the restrictions on disclosing private patient information (Billingsley, 2019). According to Keshta and Odeh (2021), privacy is a consumer’s or patient’s right to control their data and keep it to themselves. Confidentiality in the clinical setting, on the other hand, refers to the responsibility of the institution or individual that collects the patient’s data to maintain its privacy and not disclose it to the public. Security is the tool that protects the patient’s privacy and lets the medical organization meet its responsibility of confidentiality, or non-disclosure, as required by HIPAA.
Thus, to safeguard the patient’s right to privacy and maintain the responsibility of confidentiality, collaboration and smooth operation between the departments of the medical institution are crucial. The security issues mainly relate to the realm of cybersecurity and the ways to prevent leaks of private information or hacker attacks. However, this does not mean that only the IT department is in charge of security, according to Billingsley (2019). The medical staff is responsible for setting secure passwords for the accounts in the shared system, keeping track of their password information, and following the IT department’s guidelines. At the same time, even with strong security in place, the staff of the medical organization should not forget about confidentiality in protecting the patient’s privacy. In other words, the employees must not disclose any private information.
Risks of Social Media Use
HIPAA also applies to social media. Table 1 shows some examples of the security concerns and their impacts. The consequences of even a small security or confidentiality breach can be disastrous. According to Billingsley (2019), “In 2016, the civil settlement of one case involving 6800 patients totaled 4.8 million dollars” (p. 262). The appropriate personnel were punished after such a great loss for the medical organization. Another example is the Stickney R. Hospital, which fired workers following the Facebook scandal (St-Laurent-Gagnon & Coughlin). The issue does not end with the loss of the job; the reputation of such workers is ruined, and often other organizations and individuals do not wish to take such a risk and avoid any association with this professional or even the clinic.
Mitigative Solutions to the Risks
When contacted by the patient through social media, it is better “to redirect the requestor to the pediatrician’s professional site or a separate platform on which no other personal or professional posts are made” (Billingsley, 2019, p. 5). Moreover, accepting friend requests from patients is discouraged if the relationship between the professional and the patient does not extend beyond the clinical environment. Strict separation between professional (associated with the medical organization) and personal social media accounts is required. Postings on medical issues are better made on the professional page. It is also valuable for patients and the public to see basic medical information on social media to increase their awareness, but any specific advice should be replaced by a referral to the clinic. Any disclosure of a patient’s information or of distinct cases is prohibited, following HIPAA guidelines. Even pictures with blocked-out faces or postings “that reference a medical encounter with a specific time and date” (Billingsley, 2019, p. 6) can still be identifiable by the users and patients, who see it as a breach of trust.
References
Billingsley, L. (2019). Cybersmart: Protect the patient, protect the data. Journal of Radiology Nursing, 38(4), 261-263. Web.
Centers for Disease Control and Prevention. (n.d.). Health Insurance Portability and Accountability Act of 1996 (HIPAA). U.S. Department of Health and Human Services. Web.
Keshta, I., & Odeh, A. (2021). Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal, 22(2), 177-183. Web.
Mbonihankuye, S., Nkunzimana, A., & Ndagijimana, A. (2019). Healthcare data security technology: HIPAA compliance. Wireless Communications and Mobile Computing, 2019. Web.
St-Laurent-Gagnon, T., & Coughlin, K. W. (2021). Paediatricians, social media and blogs: Ethical considerations. Paediatrics & Child Health (1205-7088), 17(5), 267-269.