Michigan Health Care Legal Blog
Regular readers of our Michigan Health Care Legal Blog will undoubtedly recall a recent post detailing potential pitfalls for physicians on social media. The post included useful information about going viral, violating patient privacy and advice for how to deal with patients’ “friend” requests on Facebook.
In this post, we’ll delve into the dispensing of specific medical advice, and making unprofessional comments and posting photos of unprofessional behavior on social media.
When you post general comments about treatments or conditions, there will often be responses asking for advice about their specific case. A reply or back-and-forth comments could be a HIPAA violation. It’s also possible that a reply could be construed as a physician-patient relationship.
The doctor who wrote a Medscape article about social media advised physicians who get requests for advice to urge the person to visit your practice.
It might also be a good idea to include on your social media pages a boilerplate statement that
Social media is as ubiquitous for Michigan physicians as it is for everyone else. Some people wake up to Twitter and go to sleep with Facebook. In between, they steal away moments with Snapchat, Instagram, Reddit, Pinterest and others.
Doctors need to be especially careful on social media, always mindful of protecting patient privacy and when sharing medical information, always presenting absolutely correct info.
Some physicians stay away from social media because of its risk of potential disaster. But a California doctor wrote in Medscape that you don’t need to abandon social media. You simply need to exercise discretion and understand its risks.
Social media amplifies your words and images. A stray comment can go viral and reach hundreds of thousands of people (and even more). Mistakes and misstatements are difficult to undo. You can take down an ill-advised Facebook comment and delete a cringe-worthy tweet, but both can live on after being shared or in screenshots.
Think through your comments before posting them. Th
HIPAA was written to protect individuals’ personal health information. Because HIPAA applies to doctors, hospitals, health plans and insurers, dentists, pharmacies, nursing homes, urgent care clinics and other entities paid to provide health care, many in the health care industry wonder if a vaccine passport would violate HIPAA.
Let’s say an airline required passengers to show a vaccine passport containing protected health information before boarding a plane. Because the airline isn’t a health care provider, experts say that HIPAA wouldn’t apply to passengers’ voluntary sharing of information about themselves.
Of course, airlines would still have to comply with Michigan privacy laws and applicable laws in other states.
Other nations – including China, Japan and those in the European Union – are working on their own versions of digital vaccine passports, Detroit’s PBS station WTVS reported.
The Biden ad
Scholars believe the Hippocratic Oath was penned in Ionic Greek sometime between the third and fifth centuries B.C. Its principles are still in effect today, including: treat the sick to the best of your ability, teach medicine to the next generation and preserve patient privacy.
Patient privacy continues to be a foundation of medicine today. It’s central in the American Medical Association’s Code of Ethics and the Health Insurance Portability and Accountability Act (HIPAA).
The AMA describes HIPAA as “guardrails for the sharing and use of patient health information” between health care providers. Going over or around those boundaries can result in a wide range of civil penalties, however, from $100 for an “unknowing” violation all the way to $1.5 million for “willful neglect.”
The OCR also refers alleged criminal violations to the Department of Justice for investigation.
According to the AMA, entit
Although the HIPAA violations case is far from Michigan, it has ramifications for hospitals around the nation. The U.S. Court of Appeals for the Fifth Circuit recently overturned a $4.38 million fine imposed by the Department of Health & Human Services (HHS) on the University of Texas M.D. Anderson Cancer Center.
The genesis of the case was in the hospital’s voluntary disclosure of three instances of lost or stolen portable devices that contained electronic protected health information (ePHI). An HHS investigation found that the devices had not been encrypted. Because the devices weren’t encrypted to protect the ePHI contained on them, HHS determined that the failure constituted a violation of HIPAA Privacy and Security rules and in 2017, it then assessed the multimillion-dollar penalty.
The hospital appealed the fine to an administrative law judge and from there to the HHS Departmental Appeals Board. When those efforts failed to deliver the desired results, the University of Texas M.D. Anderson Cancer Center petitioned the Fifth Circuit for review.
The Fifth Circui
The Department of Health and Human Services (HHS) recently proposed changes to data privacy rules that it says will increase patient access to their health information and will improve coordination of care between physicians, hospitals and other healthcare providers, as well as insurers.
The HHS said the proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule will help enable patients to be engaged in their care. The changes to HIPAA will also make it easier for providers to coordinate care. HHS also says its proposal will reduce the healthcare industry’s regulatory burdens.
HHS says its changes will do all of that “while continuing to protect the privacy and security of individuals’ protected health information.”
The proposed changes will also enable family members and caregivers to be more involved in health emergencies or crises and give greater disclosure flexibility to care providers in emergencies or threatening situations. Two examples of these circumstances cited by HHS were the Covid-19 pandemic an