North Texas Dentistry Volume 5 Issue 2 - Page 25

Employers that are covered entities under HIPAA (including dentists and management groups) face direct liability for the acts of their employees and affiliates that run afoul of HIPAA. At least since HIPAA’s Privacy Rule was issued in 2002, there are severe penalties for using or disclosing individually identifiable health information, without written authorization. Groups must always be mindful of how they are treating the personal, financial or medical information that could be used to identify the person or the fact that he or she is a patient (such information under HIPAA is called “Protected Health Information” or “PHI”). When delving into the world of social media, dentists, dental practices, DSOs, and all employees need to be aware of the best practices and the pitfalls of using social media to protect against unintended distribution of PHI. 1 All organizations should establish a social media policy. This includes giving your employees, independent contractors, consultants and patients your organization’s guidelines about what social media can and cannot be used, both personally and professionally. Company policies should include HIPAA guidelines and give examples of the kinds of statements that would run afoul of HIPAA. For example, posting on a patient’s Facebook page, “It was great to see you for your procedure today! – from Dr. Pat” can be problematic. 2 3 4 Companies should regularly monitor social media sites, in addition to privacy and security settings. All employees should acknowledge receiving and reading the company’s social media policies. Photos are also subject to HIPAA regulations. Patient photos should not be posted or disclosed to the public without proper written patient au ѡ