Social media and the unauthorized disclosure of PHI (not sure how helpful the suggestions are, though. e.g., "require online "friends" to agree to a written disclosure")

http://www.ncbi.nlm.nih.gov/pubmed/22594058

J Med Pract Manage. 2012 Mar-Apr;27(5):275-6.

PHI faux pas: social media and the unauthorized disclosure of PHI.

Herrin B, Ingram T.

Source

barry.herrin@smithmoorelaw.com

Abstract

The pervasiveness of social media in modern communication has created increased liability for healthcare providers when trying to safeguard patients' protected health information (PHI). This article addresses a few of the most basic but pervasive ways, including "friending," "tagging," and "blogging," that PHI is unthinkingly shared on social media platforms and the precautions that providers can take to avoid such unauthorized disclosures. It is recommended that healthcare providers: 1) require online "friends" to agree to a written disclosure before connecting; 2) avoid tagging or posting photos online that include images of patients; and 3) do not comment or write about a patient on any online platform or blog without written approval from the patient. Ultimately, it is imperative that healthcare providers implement and enforce detailed social-networking policies and integrate those policies with their human resources disciplinary policies in order to guard against HIPAA violations.