Birth Stories and Social Media

Health Information is anything that "relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual." Example: If you client gives you a great recipe for zucchini bread, that is not health information. Anything that is about the person themself, probably is.

Tier 1: A violation that the covered entity was unaware of and could not have realistically avoided, had a reasonable amount of care had been taken to abide by HIPAA Rules (Minimum fine of $100 per violation, up to $50,000.) Tier 2: A violation that the covered entity should have been aware of but could not have avoided even with a reasonable amount of care, but falling short of willful neglect of HIPAA Rules. (Minimum fine of $1,000 per violation, up to $50,000.) Tier 3: A violation suffered as a direct result of “willful neglect” of HIPAA Rules, in cases where an attempt has been made to correct the violation (Minimum fine of $10,000 per violation, up to $50,000.) Tier 4: A violation of HIPAA Rules constituting willful neglect, where no attempt has been made to correct the violation (Minimum fine of $50,000 per violation.) Please note: These figures were as of 2013, and that document also specifies that there should be adjustment for inflation! So minimum fines are even higher now.

Whether the subject is protected health information (PHI) on social media, or anything else, it is important to keep in mind the difference in these concepts. A general consent form, sometimes called a blanket consent form, covers all possibilities. A specific consent form is just that - specific! Specific consent forms are more likely to prevent problems down the road. In some situations, a general consent form will not meet the standards set forth by HIPAA. Safest bet: When in doubt, spell it out!

Probably not. One important element of these written consents is that they must spell out exactly what Protected Health Information (PHI) will be disclosed. Because it is impossible to know what health information will even exist at the start of care, those general waivers do not allow you to disclose detailed information. For example, if you want to post a birth story about a posterior birth, a consent at the start of care could not specify the fact that the baby was posterior, so they would be unable to give consent to that fact ahead of time. Safest bet: If you want to make a post about a client's birth, ask them to sign a consent that specifically includes the proposed post (both words and photos).

When it comes to Protected Health Information (PHI), any consent can only cover what the consent specifically describes. It is easy to use a consent at the start of care to cover the routine disclosure of basic information, like the first name and weight of new babies. It's also easy to use this consent to cover anything the client writes...for example, the client writing their own birth story, and submitting to you to share on your business page. (Remember: A social media consent needs to meet all the criteria for written authorizations for marketing.) Safest bet: If it can't be easily explained in a general consent, it needs a separate one.

Again, it depends if the photograph(s) can be accurately described in a general consent. The consent must not only give consent for the photo, but for the specific private health information that is depicted in the photograph. A group photo from a client reunion picnic? That's easy to include in a blanket consent at the start of care. But graphic photos of their birth? Those need a separate and specific consent. Safest bet: For photographs taken during any time care was provided (births, prenatal or postpartum visits), include the actual photograph you are requesting permission regarding in the consent. Next best option would be to include a detailed description of each photograph, such as "Photo 1: Arbor in birth tub, holding Baby Wren. Both people are unclothed, but no genitals or nipples are showing. The tub water is red due to blood loss."

Previously, doulas were not legally required to follow HIPAA privacy protections. However, recent Medicaid coverage of doula services in some states requires doulas to take HIPAA training. Between that, and a new NPI code for doulas, it seems that doulas may be required to follow HIPAA privacy practices in the future. Safest bet: Following HIPAA privacy practices helps ensure ethical handling of protected health information. So whether it is required or not, following HIPAA standards will only help, not harm, doula clients.

Do you have a question about Protected Health Information (PHI) on social media, that isn't covered here? Email [email protected] - we'll add it to the FAQ if it makes sense to do so!

It's important to remember that the story of a birth belongs to the birthing parent and the baby. It doesn't belong to those in attendance. Should the birth happen outside the home, it doesn't belong to the birth center, or the hospital.

It's so exciting when a birth happens...and for those welcoming the new baby into their family, it can also be overwhelming, exhausting, and nearly universally, Not Exactly What They Thought It Would Be. (This is true for everyone, even those with previous children.) As birth workers, it is our duty to safeguard the focus of those tender early days, and support the family in ignoring outside stressors. Many midwives and doulas provide families with a sign for their door, asking visitors to support the family in preserving their privacy. So ask yourself: Is this the time to ask them to review a legal document so you can share a story about their vagina for your marketing purposes? Safest bet: If you want to ask your client to share information that is beyond what could easily be covered in a general consent, it is best done after the conclusion of care, to avoid any unintentional coercion that the client could experience.

Do you have a question about health information on social media, that isn't covered here? Email [email protected] - we'll add it to the FAQ if it makes sense to do so!