This blog post was first published on Ellen’s Interprofessional Insights.
Case managers and other healthcare professional who are Seeking Social Media Recommendations, become an Ethical Quandary for Case Management as they commonly ping “friends” or tag “connections” for resource info from treatment and provider recommendations to specific home health agencies and skilled nursing homes. Complex patient circumstances become group chats. After all, there’s no harm in seeking consultation or recommendations, right? Read how unintentional posts become ethical and legal missteps, and how to best manage them.
The discharge planning process always moved quickly, but these days it’s on steroids! Case managers face intense pressure to quickly transition patients to that next level of care, or home. Whether you case manage for a hospital, an MCO, or a community-based agency, you need information when you need it! You seek answers to questions “at the moment” and that is usually not the workplace! Social media has become the fastest way for case managers to quickly get resource information on how to access what you need, and when you need it!
More and more new case managers are entering the workforce than ever before. Their onboarding happens at warp speed, though learning discharge planning resources can take time; they also change rapidly. Case managers and other healthcare professionals commonly ping “friends” or tag “connections for needed resources, from treatment and provider recommendations to specific home health agencies and skilled nursing homes. Complex patient circumstances become group discussions where colleagues to weigh in on management of everything from addiction and family dynamics to “tough to place” patients, or those with chronic readmissions and ED visits. Access to costly prescription drug access, transportation, and other health-related social needs are also popular topics. After all, there’s no harm in seeking consultation or recommendations, right? I get countless emails and queries about this topic, so decided to write a brief blog post to guide the masses.
HIPAA Breaches, Penalties, and Professional Sanctions
Actually, there are ethical, and often legal pitfalls of posting these recommendations. Despite a case manager’s best intent to seek guidance, these types of posts can easily and unintentionally become HIPAA breaches. This may translate to financial penalties for the case manager and their employer, or potential sanctions or reprimands against one’s professional licensure and case management credential.
It can be common to see these posts within professional groups or communities. You know how it plays out. Limited information is posted about the patient, but then questions are posed by connections or group members. For each question and with each answer, more ePHI is inadvertently released. Ultimately there is just enough data for the patient or their family to be identified. It may not be one piece of information that leads to a HIPAA breach, but the collective discussion. This might include:
- Posting the names and locations of potential facilities for transfer
- Posting the age, psychosocial information about family demographics, or unique characteristics.
- Posting the name of the health plan for the patient
- When a case manager’s social media profile includes information about their current employer
- Providing psychosocial information on a patient who resides in a community of under 20,000 persons.
What’s the best way to handle obtaining these recommendations?
There are a series of ways that case managers can consult with colleagues and heed HIPAA and other ethical and legal requirements for patient privacy and confidentiality:
- Use the least information possible about the person (or their family members) to obtain needed guidance and be mindful of the amount of detail provided (e.g., use obesity vs. a specific weight).
- Make sure all necessary permissions for the release of information documentation are clearly signed.
- Move recommendation dialogues offline (e.g., emails, telephone calls)
- Heed those HIPAA and ePHI guidelines
- Remember, all disciplines have unique privacy and confidentiality guidelines listed in their standards of practice and codes of ethics; many have additional social media policies with detailed parameters.
- DO NOT FORGET that there are also distinct case management standards, guidelines, and ethical codes for most credentials addressing the legal parameters for use of health information technology, electronic communication, seeking consultations, informed consent, and associated privacy and confidentiality requirements (e.g., ACM, CCM, CDMS, CMC, CRC, RN-CMGT). All board-certified and credentialed case managers are beholden to those requirements.
NOTE: Detailed information on this topic can be found in Chapter 7: Ethics is What You Do While Everyone Watches: Health Information Technology, in The Ethical Case Manager: Tools and Tactics by Dr. Ellen Fink-Samnick published through Blue Bayou Press and available on Amazon.
DISCLAIMER: This blog post is meant to provide professional recommendations and does not supersede formal legal guidance. All case managers are strongly urged to review the regulations and requirements for their individual licensure scope of practice, requisite case management, and other formal credentials, plus relevant risk management and compliance policies and procedures for their employer.