© Sam Wordley | Dreamstime.com
Dreamstime M 139799690 615347ec38bd2

Troubleshooter: Snarky social media comments and HIPAA violations

Sept. 7, 2017
This dental team member is worried that a fellow hygienist is violating HIPAA by posting before-and-after photos of a patient's mouth on social media, accompanied by snarky comments.  

Nearly everyone has problems and concerns on the job, and sometimes you're just too close to a situation to solve something yourself. Share your concerns with Team Troubleshooter, and the experts will examine the issues and provide guidance. Send questions to [email protected].

QUESTION: A dental hygienist recently did some repair work on a patient, then took before-and-after photos of the patient's mouth using his (the hygienist's) personal cell phone. He then posted the photos on his Facebook page. The patient was not identified by name but, in addition to the photos, the hygienist described what caused the damage that led to the repair work and what procedure was done to correct the issue. He then added a sarcastic comment related to what caused the need for the dental repair work.

I don't know if the patient gave consent for the hygienist to post the photos on his Facebook page, or if he gave consent for the hygienist to describe the specifics of the cause of the damage that led to the repair work.

So here are my questions: even though the dental hygienist didn't reveal the patient's name, did he commit a HIPAA violation by posting photos and giving specific details of the patient's repair work?

Also, if it was a HIPAA violation, is the hygienist the only one who could potentially face penalties, or could the dentist-owner where the hygienist works also somehow be held accountable and face penalties?

ANSWER FROM LINDA HARVEY, The Linda Harvey Group, Compliance/Risk Management Strategist:
Protecting patient privacy and confidentiality is clearly mandated under HIPAA Privacy Rules. If this hygienist obtained a proper HIPAA-compliant authorization from the patient prior to posting the information, there was no violation. However, given the hygienist's sarcastic comment, my risk management radar says otherwise. If that is the case, this individual clearly disregarded his legal and professional obligation to safeguard patient information and opened himself and his employer to possible HIPAA violation charges.

Here are several key points to consider:

The Privacy Rule clearly defines 18 elements of information or identifiers about a patient that constitute protected health information (PHI). This includes full-face photographs and other comparable images.

Covered entities, including dentists, are required to have policies and procedures for disciplining employees who violate the practice's HIPAA policies. This individual should be disciplined by his boss if he did in fact violate the policies.

In this situation, under the Breach Notification Rule, the employer needs to evaluate the event and determine if it meets the threshold for reporting it to the Office for Civil Rights (OCR). The office should also call the patient and apologize before the patient finds out from other friends on Facebook.

Take down the information. Backups made by Facebook and/or screenshots of the information taken by friends of the hygienist could result in the information being inappropriately redisclosed to others.

Respecting patient confidentiality and privacy has always been a cornerstone of professionalism. Now given specific legal requirements under HIPAA, it's critical for all dental professionals to understand and follow these laws.

This Troubleshooter originally appeared in 2017 and is updated regularly.

More popular Troubleshooters

Dentist asking for illegal assistance has dental assistant worried
Different codes for zirconia crowns vs. e.max crowns?
Can dentist force staff to take vacation when he's not in?

Don't be shy! If YOU have a tough issue in your dental office that you would like addressed, send it to [email protected] for the experts to answer. Remember, you'll be helping others who share the same issue. These who assist dental professionals with their various issues do so because they're very familiar with the tough challenges day-to-day practice can bring. All inquiries are answered anonymously on DIQ.

About the Author

Team Troubleshooter

This weekly column on DentistryIQ features questions from everyday people who work in dental practices, who have issues they would like addressed by the experts. Those who regularly take the time to answer questions include Rebecca Boartfield, Patti DiGangi, Dr. Chris Salierno, Laura Hatch, Karen Daw, Jill Townsend, Lisa Marie Spradley, Shelley Renee, Judy Kay Mausolf, Robin Morrison, Paul Edwards ... and the list is growing.

Send your question or issue for an expert to address to [email protected].. You'll be glad you did.