OSHA & HIPAA Compliance Made Easy

With 25+ years of OSHA experience and one of the nation's only Certified HIPAA Professionals, Smart Training makes compliance not only manageable but easy! We want to address your concerns, so comment and have your questions answered by the experts!

Blog By:
Smart Training

Did you know that by responding to a patient review on social media you could find yourself in hot water with HHS and the Office for Civil Rights? That’s exactly what happened to a practice in Texas recently. Even if the practice manages to come away without fines for misusing patient information they will still be stuck paying for specialized legal counsel. Not to mention the dentist will likely spend many sleepless nights worrying about the consequences of this unintentional breach. Such is the playing field with data breaches.

The lesson to be learned here is: Social media opens the doors to all sorts of potential HIPAA violations. Your office can take specific steps to ensure you don’t end up on the wrong side of patient privacy law.

    
1. If you wouldn’t say it in your waiting room, don’t say it online. Read your social media content aloud before you post it. If there’s information you wouldn’t be comfortable announcing in front of patients, it probably doesn’t belong on social media.
    
2. Use caution when replying to comments on review sites and in real-time venues like Twitter. Immediate responses aren’t required, and it’s often better to let some time go by before you reply. Don’t use the patient’s name or specific treatment information ... even if the patient’s original post identifies him or her.
    
3. Don’t discuss patients online, even in general terms. Social media makes connecting the dots Very easy. Even if you don’t mention your patient’s name, other readers can often identify the individual you’re describing. This is, incidentally, also the reason we encourage clients to report every data breach … affected patients can easily find others online and trace the breach back to your office.
    
4. Don’t mix personal and professional. If you want a personal presence on social media, don’t use your practice page for that sort of interaction.
    
5. Assume anything you say online is public information. There’s no expiration date on internet content, and anything you post today may well be accessible a decade from now.

Dentists have a unique perspective on topics that interest patients. However, the demand for this information must be balanced with how information is used, who may access it, and who else it can affect.

Discover more ways to stop data breaches cold with Smart Training's Data Breach Prevention training. Free for Townies by clicking this link: Breach Prevention 2017.