PHI faux pas: social media and the unauthorized disclosure of PHI.

The pervasiveness of social media in modern communication has created increased liability for healthcare providers when trying to safeguard patients' protected health information (PHI). This article addresses a few of the most basic but pervasive ways, including "friending," "tagging," and "blogging," that PHI is unthinkingly shared on social media platforms and the precautions that providers can take to avoid such unauthorized disclosures. It is recommended that healthcare providers: 1) require online "friends" to agree to a written disclosure before connecting; 2) avoid tagging or posting photos online that include images of patients; and 3) do not comment or write about a patient on any online platform or blog without written approval from the patient.

What's that, you say? Employee expectations of privacy when using employer-provided technology--and how employers can defeat them.

Two 2010 court cases that determined the effectiveness of policies governing employees' use of employer-provided communication devices can be used to guide employers when constructing their own technology policies. In light of a policy that stated that "users should have no expectation of privacy or confidentiality," one case established that the employer was in the right. However, a separate case favored the employee due, in part, to an "unclear and ambiguous" policy.