So I got some amazing feedback from last week’s patient case but one comment that I definitely wanted to expound on was the concern for a possible HIPAA violation. Being that I have been blogging since I was in medical school I was pretty familiar with the HIPAA and just how to avoid any problems but after listening to KevinMD discuss the fact that many physicians are still in fear of joining social media and blogging really inspired me to write this today. I know that I have plenty who read the blog who might not have a clue what HIPAA means so we will go through the introduction, see how to avoid any issues & just how important it is to do so.
HIPAA better known as the Health Insurance Portability and Accountability Act was enacted over 20 years ago and for the sake of today’s lesson the portion we are focusing on is Administrative Simplifications provisions which help maintain the privacy and security of identifiable health information. The reason why it is so important is that it protects your health information from being out in the public which we know can definitely be used against you for example if Blue Cross passed your information to a mortgage lender who then would not approve you for a mortgage or even worse pass it on to an employer who decides to fire you because of it.
How it relates to health professionals is because of the fear of a HIPAA violation, which can be costly we avoid all social media all together and refuse to blog the journey. When I started my blog in medical school I remember having to have several social media training meetings & watch videos to make sure that the school couldn’t be held liable for anything I said. It continued during residency when they found out I was an active blogger to the point I think they had someone assigned to follow them.
HIPAA in regards to social media I believe is pretty straight forward pretty much DONT IDENTIFY THE PATIENT. Like every time I see a social media violation of HIPAA its something that even someone with no knowledge of HIPAA could have been like “I’m not sure thats a good idea”. There is a published list of what they consider patient identifiers so the fact that people still violate it comes from ignorance more than anything else.
I wrote this because I hope that you take action today and put the fear that you have regarding talking about your patient experiences to bed. Some of my colleagues have the most wonderful careers but have to keep their stories to themselves because this fear has griped them to death. Holding back our patient experiences only allows one person to benefit at the risk of not helping countless others.
For starters here is the list of the 18 patient identifiers that HIPAA recognizes, just avoid these and you’ll be able to start writing your blog today.
2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
4. Phone numbers;
5. Fax numbers;
6. Electronic mail addresses;
7. Social Security numbers;
8. Medical record numbers;
9. Health plan beneficiary numbers;
10. Account numbers;
11. Certificate/license numbers;
12. Vehicle identifiers and serial numbers, including license plate numbers;
13. Device identifiers and serial numbers;
14. Web Universal Resource Locators (URLs);
15. Internet Protocol (IP) address numbers;
16. Biometric identifiers, including finger and voice prints;
17. Full face photographic images and any comparable images; and
18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data)