By Gil Vidals, , HIPAA Blog

When Israeli-based Onavo came under the ownership of Facebook in 2013, the move was touted as providing a boost to CEO Mark Zuckerberg’s Internet.org initiative to “help bring web access to the world’s underserved communities.”

The mobile analytics company would essentially provide Facebook users with a VPN, or Virtual Private Network, a secure connection to protect their browsers from malicious sites. The app, which is prompted by Facebook with a “protect” Banner on iPhone (already active on Android since 2016), calls on users to download the VPN for online security purposes; essentially, to prevent other ISP’s and websites from tracking them.

What many users miss is that they are also agreeing to let Facebook “track them” and share their data, specifically, how they use Facebook on their phones. This, Onavo’s founders report, is how Facebook can learn to use “data more efficiently, to allow more people around the world to connect and share.”

Whether or not one is in favor of allowing this kind of “spyware” on their devices, this latest news should serve as a reminder, especially for medical practices and professionals bound by HIPAA regulations, how widely social media information is being disseminated.

Certainly, health blogs, videos, and articles posted on Facebook and other social media platforms can be a great way of providing excellent information, as well as marketing to the general public. But doctors, healthcare practices, and all “covered entities” must exercise added caution when posting or messaging on social media sites like Facebook.

One careless post of a personal nature – even if done “anonymously” for teaching purposes – may cause an unintentional disclosure of protected health information, causing damage far beyond what might have been
first envisioned.

For this reason, remember to follow this “practical wisdom” regarding how to engage social media with HIPAA in view.