Is Patient Privacy Possible in the Social Age?

By CTU HealthCare Faculty

CTU Healthcare Degree - Patient PrivacyWithin the health care industry, there’s much discussion about providers marketing themselves through social media. There is question of whether current information confidentiality policies are adequate in protecting patient health information. Facebook and Twitter have proven to be effective tools in reaching untapped patient markets, and the trend toward marketing health care services through such networks will continue to increase. But how can we ensure that both patients and providers impacted and influenced by these platforms are protected from negligence and misconduct with health information that should be kept private?

In 2011, a Rhode Island physician revealed confidential patient information while on Facebook. She was consequently fined and penalized by the state medical board, losing clinical privileges at one of the local hospitals. The physician claimed that her intent was to share medical experiences with her audience. But while she hadn’t named the patient specifically, there was sufficient health information shared which allowed a third party to identity the patient.

Occurrences such as this raise concerns about keeping health information protected under the Patient Protection and Affordable Care Act private from social network communications. For health information to be secured by the Health Insurance Portability and Accountability Act  (HIPAA)  rule of 1996, an entity must be classified as a provider of health care intervention or receive financial remuneration of services based upon the patient health information. Facebook and Twitter clearly don’t fall within this classification. In fact, prior to 2013, HIPAA couldn’t apply to social media networks.

But in 2013, federal legislators began modifying the 1996 HIPPA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act (HITECH). The modification gave notice that authorization would be required for health care operations marketing communications on social platforms such as Facebook. It now puts social media networks within HIPAA’s ‘financial remuneration’ classification, warranting legal protection of a patient’s health information.

This is a right step in the direction of keeping patient information private. As the merging of social media marketing and health care communication practices moves forward, federal and state authorities will be paying progressive attention to ensuring the protection and privacy of personal health information.

Image credit: Flickr/rpongsaj