Thursday Troubleshooter: Snarky Facebook comments and HIPAA violations
This dental team member is worried that a fellow hygienist is violating HIPAA by posting before-and-after photos of a patient's mouth on Facebook, and then adding snarky comments about the reason for the dental work.
Nearly everyone has problems and concerns on the job, and sometimes you're just too close to a situation to solve something yourself. Share your concerns with Team Troubleshooter, and the experts will examine the issues and provide guidance. Send questions to firstname.lastname@example.org.
QUESTION: A dental hygienist recently did some repair work on a patient, then took before-and-after photosof the patient's mouth using his (the hygienist's) personal cell phone. He (the hygienist) then posted thephotos on his Facebook page. The patient was not identified by name but, in addition to the photos, the hygienist described what caused the damage that led to the repair work and what procedure was done to correct the issue. He then added a sarcastic comment related to what caused the need for the dental repair work.
I do not know if the patient gave consent for the hygienist to post the photos on his Facebook page, or if he gave consent for the hygienist todescribe the specifics of the cause of the damage that led to the repair work.
SO HERE ARE MY QUESTIONS: Even though the dental hygienist did not reveal the patient's name, did he commit a HIPAA violation by posting photos and giving specific details of the patient's repair work?
Also, if it was a HIPAA violation, is the hygienist the only one who could potentially face penalties, or could the dentist who owns the office where the hygienist works also somehow be held accountable and face penalties?
ANSWER FROM LINDA HARVEY, The Linda Harvey Group, Compliance/Risk Management Strategist:
Protecting patient privacy and confidentiality is clearly mandated under HIPAA Privacy Rules. If this hygienist obtained a proper HIPAA-compliant authorization from the patient prior to posting the information, there was no violation. However, given the hygienist's sarcastic comment, my risk management radar says otherwise. If that is the case, this individual clearly disregarded his legal and professional obligation to safeguard patient information and opened himself and his employer to possible HIPAA violation charges.
Here are several key points to consider
The Privacy Rule clearly defines 18 elements of information or identifiers about a patient that constitute protected health information (PHI). This includes full-face photographs and other comparable images.
Covered entities, including dentists, are required to have policies and procedures for disciplining employees who violate the practice's HIPAA policies. This individual should be disciplined by his boss if he did in fact violate the policies.
In this situation, under the Breach Notification Rule, the employer needs to evaluate the event and determine if it meets the threshold for reporting it to the Office for Civil Rights (OCR). The office should also call the patient and apologize before the patient finds out from other friends on Facebook.
Take down the information. Backups made by Facebook and/or screenshots of the information taken by friends of the hygienist could result in the information being inappropriately redisclosed to others.
Respecting patient confidentiality and privacy has always been a cornerstone of professionalism. Now given specific legal requirements under HIPAA, it's critical for all dental professionals to understand and follow these laws.
RECENT THURSDAY TROUBLESHOOTERS
Dentist asking for illegal assistance has dental assistant worried
Different codes for zirconia crowns vs. e.max crowns?
Can dentist force staff to take vacation when he's not in?
Don't be shy! If YOU have a tough issue in your dental office that you would like addressed, send it to email@example.com for the experts to answer. Remember, you'll be helping others who share the same issue. Responses will come from various dental consultants, as well as other experts in the areas of human resources, coding, front office management, and more. These folks will assist dental professionals with their various issues on DentistryIQ because they're very familiar with the tough challenges day-to-day practice can bring.
All inquiries will be answered anonymously each Thursday here on DIQ.