Thursday, June 11, 2009

HIPAA & Social Media

One of the newest and most exciting (but most unexplored) areas of the birth profession is the use of social media (Facebook, Twitter, Blogs, etc) to market your small business and getting the news out and into the hands of expectant parents and other professionals ~ whether you are a private practice pregnancy massage therapist, lactation consultant, childbirth educator, doula, nurse consultant or whatever.

And I say unexplored in regards to HIPAA, the Health Insurance Portability and Accountability Act of 1996. The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule — called “covered entities,” as well as standards for individuals' privacy rights to understand and control how their health information is used.

The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."

“Individually identifiable health information” is information, including demographic data, that relates to:
the individual’s past, present or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.13 Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number). The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g.


Please be careful when FBing, Tweeting or Blogging about certain situations. If you need to check the stipulations of the HIPAA, go to http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html.

I will have more about this in my upcoming book on creating/marketing your birth business AND my presentation at the Lamaze Conference in Orlando!


2 comments:

Teri said...

I am a strong believer that all of us should do everything possible to ensure the privacy of the people we work with...I personally would not want to read my doula's version of MY birth on a blog without checking with me first. Now if I couldn't determine if it was my birth or someone else's that she attended that week, then she has removed enough personal information.

But in regards to HIPAA, I went to the site you linked to and when I do the "Are you a covered entity?" flow chart, it comes up with a NO.

http://www.cms.hhs.gov/HIPAAGenInfo/06_AreYouaCoveredEntity.asp

First question: "Does the person, business or agency furnish, bill or receive payment for, health care in the normal course of business?" I answered yes.
Second question: Does the person, business or agency transmit (send) any covered transactions electronically? I answered no - I hand them an invoice/receipt.
That choice sends me to this answer: STOP. The person, business or agency is NOT a covered health care provider.

So instead of honoring confidentiality because of HIPAA concerns, I think we need to advocate confidentiality because it's the right thing to do.

Your thoughts? Am I reading the regulations wrong?

Thanks for all you do!

Unknown said...

Teri, thank you for your thoughtfulness in commenting. Most certifying organizations do alert their members regarding voluntary client confidentiality and HIPAA. With some of us working in the medical system, some of us sometimes working in the medical system, and some of us not in the conventional medical system, AND with the flux of sharing in social media, I thought it might be important to let people who do read my blog know that not only are intentions to protect confidentiality important but there are laws to abide by. Perhaps the link was wrong. I will try to fix it.

Blessings on your work!