Discussions

HIPAA violation Photo tagged to a hospital location posted by visitor

Posted by Ann Rose @annkgreenrose, Jun 8, 2017

A visitor to a patient in the Behavioral Sciences Unit posted a photo of another patient complaining that person and the doctors was creeping them out and tagged our hospital as the location of the photo. They also posted that the patient he was visiting had tried to commit suicide. Is there a way for us to manage the location page for the hospital and delete these kinds of posts? It is showing up on the Facebook wall for our hospital. Has anyone had to deal with this kind of situation that knows what the HIPAA implications are.

Someone correct me if I’m wrong, but HIPAA doesn’t apply if a visitor is sharing about another visitor. For instance, if a patient was in a shared room in a hospital and posted information about his roommate, it’s not a HIPAA violation. It only applies to employees or vendors/entities that are there in a business manner. It’s precisely why news crews have to be escorted through a healthcare setting, because they can share whatever they see.

REPLY
@PaigeTSuffel

Someone correct me if I’m wrong, but HIPAA doesn’t apply if a visitor is sharing about another visitor. For instance, if a patient was in a shared room in a hospital and posted information about his roommate, it’s not a HIPAA violation. It only applies to employees or vendors/entities that are there in a business manner. It’s precisely why news crews have to be escorted through a healthcare setting, because they can share whatever they see.

Jump to this post

I agree; HIPAA doesn’t apply when a visitor posts on Facebook. That your hospital was tagged and that this now appears on your hospital’s Facebook page is another story. Is there a way in Facebook to prevent unauthorized tagging…?

REPLY
@PaigeTSuffel

Someone correct me if I’m wrong, but HIPAA doesn’t apply if a visitor is sharing about another visitor. For instance, if a patient was in a shared room in a hospital and posted information about his roommate, it’s not a HIPAA violation. It only applies to employees or vendors/entities that are there in a business manner. It’s precisely why news crews have to be escorted through a healthcare setting, because they can share whatever they see.

Jump to this post

We had a similar situation. Even though HIPAA doesn’t apply when a visitor posts on your Facebook page, we still don’t what that type of content on our page so we approve all tagged posts before they can be shown on our page. You can do this under Settings –> Visitor Posts –> check the box for “Review posts by other people before they are published to the page”

REPLY

Thanks, we do monitor our own page but this is not our page, it is the location that the person is tagging in their post. We have no rights to the location page. Has anyone tried claiming a location page before? I am wondering if we do, what control do we have over older content.

REPLY
@PaigeTSuffel

Someone correct me if I’m wrong, but HIPAA doesn’t apply if a visitor is sharing about another visitor. For instance, if a patient was in a shared room in a hospital and posted information about his roommate, it’s not a HIPAA violation. It only applies to employees or vendors/entities that are there in a business manner. It’s precisely why news crews have to be escorted through a healthcare setting, because they can share whatever they see.

Jump to this post

This is how we have set our pages (and incidentally, my own page). It is quite shocking the types of photos people post.

REPLY
@annkgreenrose

Thanks, we do monitor our own page but this is not our page, it is the location that the person is tagging in their post. We have no rights to the location page. Has anyone tried claiming a location page before? I am wondering if we do, what control do we have over older content.

Jump to this post

You should be able to claim it.

REPLY

I’ve dealt with this. First, you should be able to remove the tag (even if it’s your location). Second, it’s not a HIPAA violation *if* you can show that you’ve done everything reasonable to prevent such a thing. In this case, do you have a social media policy for employees and volunteers? Train them to it? Then you’re fine. (You might also consider posting a notice in the Behavioral Health area about patient privacy and your social media policy.) If you want some tips on a policy, let me know.

How sad that someone thought it was appropriate to post a photo of a patient in distress!

REPLY
Please login or register to post a reply.