The Health Insurance Portability and Accountability Act of 1996 (HIPAA) ushered in a new era for patient privacy in the United States. This federal law safeguards protected health information from disclosure by covered entities, which include healthcare providers who electronically transmit health information and health plans. Because this law was enacted before social media sites like Facebook and Instagram were routinely used by patients and providers, there has been an evolution in the protection standards for providers and plans to abide by. In this evolution, there have been hiccups where providers violate the HIPAA compliance protections for patient information leading to lawsuits alleging privacy violations. This blog will detail what HIPAA violations look like, the most common HIPAA violations on social media, and what to do if your privacy has been violated, including hiring an experienced attorney.
What Constitutes a HIPAA Privacy Violation?
HIPAA privacy violations can take many forms, but they are centered around the exposure of protected health information, including the identity of patients, diagnoses, treatments, or compromising images, video, or spoken word related to a patient without the written consent of the patient or patient’s representative by a covered entity. As such, mere disclosure of a diagnosis by a family member to a stranger without your consent is not a HIPAA privacy violation, but more closely a violation of your trust with that family member. Related to social media, social media HIPAA violations can come from business pages for covered entities, such as a hospital system, wherein your photograph is used identifying you as a patient and posted to the webpage without your consent. Some additional examples of common violations on social media include, without the consent of the patient, posting of gossip related to patients, sharing compromising photos or videos of patients, posting information that identifies or could lead someone to identify a patient, or sharing a diagnosis of a patient related to marketing. While these violations can occur due to a covered entity’s disregard for a patient’s privacy, a HIPAA violation can be due to an entity forgetting to request consent or internal miscommunications. Regardless, HIPAA violations are a major breach of the trust between patients and providers as well as a violation of federal law.
Your HIPAA Privacy Has Been Violated – Now What?
If you ever find yourself in the unfortunate situation of your or a loved one’s HIPAA privacy having been breached, the first thing you should do is file a complaint with the U.S. Department of Health and Human Services. The Office for Civil Rights carefully investigates all allegations of privacy violations by covered entities. Patients must file their complaint within 180 days of the violation, and you should document all information possible related to the violation. After the investigation, the Office of Civil Rights will send a letter describing the results and the remedy. This may include forcing the entity to institute stricter internal standards, agreement to a settlement, or civil money penalties.
As you file your complaint, it is also appropriate to contact an attorney who specializes in social media HIPAA violations to discuss filing a civil lawsuit in conjunction with the complaint to the Office of Civil Rights. Attorneys in this field understand the duties covered entities owe to patients and the disastrous effects a violation can have. Further, they are experienced in reviewing the HIPAA violation and making a demand for monetary damages for the patient.
If you or a loved one has experienced a HIPAA violation, contact the privacy attorneys at The Simon Law Firm, P.C. today for a free, confidential consultation. The trust between a patient and provider is sacred and any violation of this trust is detrimental to the system we all rely on. Having experienced, dedicated attorneys on your side to litigate a breach of privacy case is imperative to hold providers accountable for their actions.