In this lesson, we'll be covering HIPAA law as it applies to social media, mobile devices, email, and faxes. And at the end of the lesson, we'll provide you with a brief word about guidelines for properly disposing of protected health information, or PHI.
HIPAA law covers all PHI in electronic formats (also known as ePHI). This includes the following social media platforms:
Pro Tip #1: While we as a society find it absolutely necessary to share everything on social media these days – including contrary opinions and meals we're about to consume – never under any circumstance should you disclose patient information, like names and treatments, on any social media platform.
Remember, though we're sure you know better, common sense is not all that common, which is why these things need to be said. And why we have to also note that if you do any of the above, you could be personally liable financially and criminally for disclosing any protected health information on social media platforms.
Mobile devices include but are not limited to:
Pro Tip #2: While disclosing PHI on social media is always a no-no, mobile devices can be used to share protected health information IF appropriate safeguards are in place. What does IF mean?
In short, we're referring to encryption. If you are sharing PHI on mobile devices, you have to use an encrypted texting or chatting platform. You cannot simply pick up your phone and text PHI to a doctor, nurse, health plan, insurance company, etc.
Why can't you do this? Because standard texting platforms:
Standard email platforms are also not compliant according to HIPAA, and these include:
All emails sent through the above free platforms are subject to automated processing. Your email and sensitive patient data will be scanned for targeted advertising when using those platforms.
Pro Tip #3: It's important to note that while Google has chosen not to sign a business associate agreement (BAA) for its Gmail platform, it has signed BAAs for its paid service, G Suite. Other paid email platforms may also be acceptable, like Microsoft Office 365. The key is the provider's willingness to sign a business associate agreement.
Faxes are an approved and HIPAA compliant means of sending PHI. However, you still need to be mindful when doing so. This means always using a cover sheet before sending a fax that contains protected health information.
What if you send a fax containing PHI in error?
If this happens, you need to contact the receiver and notify them to destroy the fax. Likewise, if you receive a fax containing PHI in error, you must notify the sender and also destroy the information.
Disposing of PHI is of the utmost importance, particularly in our modern digital world where deleted tweets aren't really ever gone. The following PHI disposal guidelines should ensure that you and your organization remain HIPAA compliant.