"All employees should participate in a HIPAA policy review with details on what not to do especially regarding social media," says Savage. "Once it is clear to the employees how even the most hypothetical information can be perceived coming from nurses at a specific hospital and/or unit, the staff can be held accountable."
Under California laws for public hospital districts, Tri-City employees are entitled to a hearing, before they can be fired. It is unclear whether such hearings have been scheduled or held.
"The outcome of this case may set a precedent as social media is so popular," says Savage. "Most healthcare workers know not to list patient names, pictures, or details on a website nor discuss specific patients or details of their cases in public. But hypothetical situations are sticky because they could apply to a particular patient who believes they have been written about even if the person writing it truly made up the situation."
"We will take further action to prevent similar incidents, including re-emphasizing through employee training and education, the hospital's and its employees' ongoing commitment and obligation to protect our patients' privacy," Anderson said.
The disclosure came the same week that state health officials announced it has fined five hospitals a total of $675,000 in penalties for six instances of privacy breaches of confidential medical information. Tri-City was not named among those hospitals, but Tri-City officials said that they reported the incidents to the state as required by law.
A Tri-City spokeswoman said the hospital is not aware that the state has imposed a fine against the hospital for the breach. However state fines could amount to $25,000 for the first violation, with subsequent breaches costing $17,500 each.
Anderson said that at Tri-City, a 397-bed district hospital in Oceanside, 30 miles north of San Diego, "our top priority is ensuring the health and wellbeing of our patients, which includes protecting their privacy. As a fundamental part of that commitment, we provider our employees privacy and confidentiality training when they are hired and later on an ongoing basis."
A hospital spokeswoman said further details, such as when the breaches occurred, were unavailable.
Cheryl Clark is a senior editor and California correspondent for HealthLeaders Media Online. She can be reached at firstname.lastname@example.org.
Sarah Kearns is an editor for HCPro in the Quality and Patient Safety Group. Contact Sarah at email@example.com