What happens on social media doesn’t stay on social media, and other lessons learned at the #HCCAci

Social media was the issue of the day at the Health Care Compliance Association’s Compliance Institute (CI), which was held in Law Vegas, Nevada this year. Throughout the four-day event, health care compliance professionals tweeted, pinned, and “Instagram-ed” their way through the lectures, discussions, and networking events, while at the same time, ironically, learning a great deal about the growing popularity of social media and the dangers it may pose when it comes to your compliance program.

Even before the CI began, attendees were invited to follow the CI Pinterest page and begin to tweet and post pictures to Instagram using the hashtag #HCCAci. During the conference, social media savvy professionals were invited to network in a “Tweet Up” event; even after the conference was essentially over, participants let loose and posted pictures of their adventures in the City of Lights. As such, the role that social media plays in our current professional and personal realms was plain to see simply through the role it played at the CI this year alone.

At the general sessions that kicked off the conference both Dan Levinson, Inspector General (IG), and Leslie Caldwell, Assistant Attorney General of the Criminal Division of the Department of Justice (DOJ), noted that areas of health information security and privacy were among the most important areas to watch. In many of these arenas, according to Caldwell, the government is often behind the learning curve. As such, it would behoove compliance officers to look beyond the guidance put out by these agencies and into the future, with an eye to what new technologies are available and how they are being used.

Donald A. Sinko, Chief Integrity Officer at the Cleveland Clinic and a presenter at this year’s CI, once said that, “One of the greatest risks of social media is ignoring social media.” Presenters at breakout sessions at the CI took heed of that sentiment and focused many of their lectures and discussions on the role that social media and social media-related issues are playing in the compliance world. Most notably, Frank Ruelas, in a presentation “#HIPAA: How Social Media Impacts HIPAA Compliance,” drew lines between how many people use social media, for what purposes, and how those practices can lead to HIPAA breaches in the health care provider environment.

Ruelas encouraged audience members to volunteer their own stories about how social media affected their compliance officers, noting that it makes sense to think about social media–which is often driven by the youth population–and HIPAA together because HIPAA is a teenager itself. Ruelas concluded by urging compliance officers to “codify, illustrate, and judiciously enforce expectations” when it comes to social media use in the workplace in order to get closer to an effective compliance program. In a related presentation on emerging challenges in mHealth, David Holtzman and Web Hull, discussed how mobile health apps and wearables are playing a larger, and in some cases more concerning, role when it comes to health data privacy and security. As Hull put it, the biggest challenge concerning mHealth “is that what we are dealing with now is just the beginning.”

The second day of general sessions brought about a seeming round up of the issues discussed in the previous day’s general and breakout lectures from a somewhat surprising source. Cam Marston, a researcher of generational trends in the workplace and marketplace, spoke to the CI crowd about how individuals in different generations (baby boomers, “Gen Xers,” millennials, etc.) differ in terms of their backgrounds, the ways they were raised, how they act in the marketplace, and, most importantly, how their work attitudes and styles differ. The biggest gap between the generations with regard to work environment and marketplace is perhaps the issues involved with the advance of technology, including the growing popularity of the reliance on social media in our personal and professional lives.

In Ruelas’ social media discussion, one compliance officer in the audience mentioned that one of her employees was found to be taking pictures, that were perhaps in violation of HIPAA, and posting them on Snapchat, an image messaging app and social media outlet. She explained that in order to truly understand the problem she had asked younger people in her family to help explain Snapchat to her and had obtained the app for herself and started using it in an effort to understand how it functions. In this way, we can see how it possible to bridge the divide caused by social media use and embrace its existence in a health care setting. Ruelas explained to his audience, social media “runs through the veins” of its users and, therefore, assuming that they will not use it at work without having policies that explicitly prohibit or explain proper use of it is not a good avenue to go down.

As the role of social media takes up more of our lives, it takes more of our work as well. As such, it is promising to see how compliance professionals are embracing it as both a tool for their own networking and knowledge spreading and recognizing it as a potential outlet for compliance issues in the workplace. Although what happens in Vegas may stay in Vegas, what happens on social media is for the world to see, and, as such, compliance professionals should be on notice of that.