Social media is a terrific way to reach out and stay in contact with your patients. However, the risks created by social media cannot be ignored. Individuals, even major corporations, are having their accounts hacked, sometimes even taken over by the perpetrator.
What if someone got hold of your Twitter account? Your Facebook page? For an individual, this is an annoyance. For a HIPAA-covered entity, this could become a HIPAA incident, or worse, a breach.
Controlling access to your social media accounts is just the first step in ensuring their security, says Katie Lay of HIPAA Risk Management, a HIPAA security consulting company, and co-author of TMA's publication, HIPAA Security: Compliance and Case Studies. Most social media platforms now provide two-step verification (TSV) (also known as two-factor authentication). TSV requires two of three authentication factors: (1) knowledge, (2) possession, or (3) inherence.
An example would be using your debit card at an ATM. It requires your card (possession), and your PIN (knowledge). On social media platforms such as Twitter and Facebook, TSV also uses the knowledge and possession factors. You log in as normal, with your username and password. Once that is successful, you will receive a text on your cell phone giving you a unique code number that you'll use to complete the login process. Using this method, anyone trying to access your account would require the knowledge of your username and password, and would have to have physical possession of your phone.
Learn more about two-step verification and where you should be using it on this lifehacker.com blog post.
For more helpful information about elements of a comprehensive HIPAA compliance program, HIPAA Security: Compliance and Case Studies is available in the TMA Education Center, along with other HIPAA-related CME opportunities.
Published Sept. 24, 2014
TMA Practice E-Tips main page
Last Updated On
May 30, 2019
Originally Published On
September 23, 2014