HIPAA and Social Media

Strategies for Protecting Patient Privacy in a HITECH World

June 13, 2012

McGuireWoods Webinar

Strategies for Protecting Patient Privacy in a HITECH World

June 13, 2012 Webinar

Archived media:

  • Webinar playback

The Health Information Technology for Economic and Clinical Health Act, or HITECH Act, dramatically increased civil monetary penalties for unauthorized releases of protected health information and added significantly to the Office of Civil Rights’ enforcement resources. Recent U.S. Department of Health and Human Services (HHS) investigations into violations of the Health Insurance Portability and Accountability Act (HIPAA) represent a sea-change in the nature of HIPAA compliance — from one of education and the handling of paper records, to one of enforcement and the security of electronic media. Perhaps more significantly, HHS and OCR seem invigorated by the passage of HITECH and have made clear through their enforcement actions that technical security and unauthorized disclosures via portable electronic devices are squarely in their crosshairs. Part and parcel of this enhanced scrutiny is OCR’s concern about security breaches through social media, as that technology becomes an increasingly popular form of communication.


  • The extent to which HHS may expect and demand that covered entities and their business associates take steps to identify breaches and engage in corrective action to mitigate the extent of breaches, including those made through social media outlets.
  • How social media can be used as a competitive advantage through brand enhancement and patient engagement.
  • The importance of a comprehensive social media strategy that protects against patient privacy violations.
  • The necessary steps covered entities must take in the event of an inadvertent disclosure of protected health information.


  • Tom Hearn, Managing Principal, Novarus Healthcare LLC
  • Greg McNeer Jr., JD, Stratford Consulting
  • Holly Carnell, Associate, McGuireWoods LLP