By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

Recently we covered the different ways that social media is playing a role in deploying healthcare messages. From patient experience to alerting the public about the pandemic, individuals and corporations are taking to the ‘digital airwaves’ of TikTok, Facebook, Instagram, and other platforms to spread awareness and messaging.

This sounds like a great idea. You have essentially free airtime to a large audience, right?

Well yes, but you also have the eyes and ears of so many people on you, that you’re also opening yourself up to criticism and exposure of wrongdoing.

Recently a woman named Hannah Brooke Hutchinson took to TikTok (say that three times fast) to boast of her proof of a COVID-19 vaccination. The problem with this is that she wasn’t vaccinated and was actually bragging about stealing the vaccine cards from her job at a pharmacy for her and her husband to fake their proof of vaccination. When other eagle-eyed users saw this, they were able to zoom in on the return label address for Hutchinson. The Illinois Board of Pharmacy, who had just granted her license, were promptly alerted, but have not commented on the investigation.

Some of you may be asking yourself “How could she be so foolish to do that”? But it isn’t that surprising when you stop to think about how much information we are freely sharing without the thought of consequence. We live in a world where social media is not only a platform that can benefit us by allowing us to stay connected and deliver messages en masse, but it is also the standard to which far too many people judge their merit and popularity by the number of likes or shares. The risk of being caught is outweighed by the risk of being known.

While the laws and rules of HIPAA prevent protected health information (PHI) from being shared on social media, the unwritten laws and rules of social status aren’t defined anywhere, and like most failures in thinking clearly or correctly, our logic doesn’t always align with the law. Many of us crave notoriety and attention far more than we care about the possibility of being in trouble. A rush from a moment of fame or attention is like a fix for a junkie. We know it might be a bad idea, but the feeling we get from everyone knowing “what we have” is something we can’t pass up.

A word to the wise. Pass on it. As a healthcare worker, you are in a position of privilege because you are entrusted with the most private of information. What you have access to is not only sacred but also invaluable to the patient. This privilege includes the access that you may have to treatment, medicines, and yes, prescription pads and vaccination cards. Do not take for granted what you have, and remember to act on the behalf of everyone, not just yourself. And when it comes to social media, oversharing does not mean over-caring.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.

HIPAA Secure Now! now offers PHIshMD training for CEs and BAs to help protect your organization from security threats.

Technology safeguards put a virtual wall around your network, but what happens when the bad actors climb over that wall? It’s up to your employees. Over 90% of breaches get caused by human error according to Kaspersky Lab, and if you’re not educating users HOW to protect your organization in this ever-changing threat landscape, your organization could be next. LEARN MORE