Note: Your progress in watching these videos WILL NOT be tracked. These training videos are the same videos you will experience when you take the full ProHIPAA program. You may begin the training for free at any time to start officially tracking your progress toward your certificate of completion.
In this lesson, we'll be covering HIPAA law as it applies to social media, mobile devices, email, and faxes. And at the end of the lesson, we'll provide you with a brief Word about guidelines for properly disposing of protected health information, or PHI.
HIPAA Law & Social Media
HIPAA law covers all PHI in electronic formats (also known as ePHI). This includes the following social media platforms:
- Snapchat
- Any and all others
Pro Tip #1: While we as a society find it absolutely necessary to share everything on social media these days – including contrary opinions and meals we're about to consume – never under any circumstance should you disclose patient information, like names and treatments, on any social media platform.
Remember, though we're sure you know better, common sense is not all that common, which is why these things need to be said. And why we have to also note that if you do any of the above, you could be personally liable financially and criminally for disclosing any protected health information on social media platforms.
HIPAA Law & Mobile Devices
Mobile devices include but are not limited to:
- Smartphones
- Tablets
- Laptops
Pro Tip #2: While disclosing PHI on social media is always a no-no, mobile devices can be used to share protected health information IF appropriate safeguards are in place. What does IF mean?
In short, we're referring to encryption. If you are sharing PHI on mobile devices, you have to use an encrypted texting or chatting platform. You cannot simply just pick up your phone and text PHI to a doctor, nurse, health plan, insurance company, etc.
Why can't you do this? Because standard texting platforms:
- Have only limited encryption
- Are not HIPAA compliant
- Use a cloud that stores all text messages
HIPAA Law & Email Platforms
Standard email platforms are also not compliant according to HIPAA, and these include:
- Gmail
- Hotmail
- AOL (which may or may not be extinct)
- Yahoo!
- Any local IT provider's email platform
All emails sent through the above free platforms are subject to automated processing. Your email and sensitive patient data will be scanned for targeted advertising when using those platforms.
Pro Tip #3: It's important to note that while Google has chosen to not sign a business associate agreement (BAA) when using their Gmail platform, their paid service – G Suite – has signed BAAs. Other paid email platforms may also be acceptable, like Microsoft Office 365. The key is the provider's willingness to sign a business associate agreement.
HIPAA Law & Faxes
Faxes are an approved and HIPAA compliant means of sending PHI. However, you still need to be mindful when doing so. This means always using a cover sheet before sending a fax that contains protected health information.
What if you send a fax containing PHI in error?
If this happens, you need to contact the receiver and notify them to destroy the fax. Likewise, if you receive a fax containing PHI in error, you must notify the sender and also destroy the information.
A Word About guidelines for Properly Disposing of PHI
Disposing of PHI is of the utmost importance, particularly in our modern digital world where deleted tweets aren't really ever gone. The following PHI disposal guidelines should ensure that you and your organization remain HIPAA compliant.
- Shred all hard copies containing PHI when the copies are no longer needed
- Place hardcopies to be recycled in locked recycle bins if available
- Delete all soft copy files containing PHI from your computer and from the server when the information is no longer needed within the record retention requirements
- Destroy all disks, CDs, etc., that contained PHI before disposing of them
- Do not reuse disks or CDs that contained PHI without sanitizing them first
- Contact your IT department before transporting or transferring equipment for proper procedures to move equipment and to sanitize hard drives and other media
- Return the PHI to the sender, if this requirement is stipulated in any contractual agreements
