Social media has become the number one tool to connect with anyone…friends, family, employers, celebrities and, of course, brands! Even healthcare organizations use different platforms to establish relationships with patients on a number of levels. Providing information about services, tips for staying healthy and the organization as a whole is made easier through the use of Facebook, Twitter, Instagram, and other platforms. However, HIPAA (Health Insurance Portability and Accountability Act) regulations do place some restrictions on what can and cannot be publicly shared. Disregard for these rules and patient privacy on social media could result in severe consequences. So, how can healthcare organizations and their employees use social media effectively without violating HIPAA?
1. Never disclose protected health information.
This may seem like a no-brainer, but this is one of the most common violations of HIPAA. Even if you don’t provide a patient’s name, consider that any information (even offhand remarks about medical cases) can be traced if you post about the circumstances. If you find yourself in a situation where you wish to share a patient testimonial, it’s vital to have the patient’s consent in writing before posting. Train your staff to know HIPAA personal identifiers so that they understand when permission is needed:
2. Take it one step further by establishing a social media policy.
According to the Institute for Health, 31% of healthcare organizations have specific social media guidelines in writing. Having a written policy ensures that everyone is on the same page and is aware of any limitations as well as the consequences if said limitations are violated. Topics such as networking during working vs. non-working hours and what is okay to share photos of are great discussion points.
3. Keep professional and personal accounts separate.
Frequently, physicians use one account for both personal and professional purposes, but this practice could place a target on your back for HIPAA infractions if you’re tagged by patients in posts. We recommend having an account specifically for your practice, and we suggest avoiding adding any patients as “friends” on your personal profile. If a patient were to ever tag you in something with confidential information, the best solution is to not interact with the post.
4. Be wary about giving medical advice online.
Furthermore, addressing complaints or giving medical advice directly on social media, whether as a response to a question or as a fun fact, can impose a risk. Keep in mind that holding an “MD” after your name puts you at the highest of regards to those who did not attend medical school. Additionally, should something negative happen to someone you gave advice to online, it’s possible you could be held accountable in a malpractice lawsuit. Always point patients to your website or direct them to contact a doctor or clinic if they have healthcare-related questions.
5. Use social media to your advantage.
Although there are some limitations, using social media can certainly boost your organization’s awareness! Try posting about common health tips or new medical research to inform your audience. You can also include details of events held by your practice, feature your team members and announce honors or awards received (or granted) by your organization. These all promote credibility in your field and position you as a leader in your industry.
Consequences for not complying with HIPAA’s social media guidelines can put a dent in your wallet and/or your career. Not only is there a possibility of fines between $100-$1,500,000, but also lawsuits, job termination and loss of your medical license. Depending on the severity, jail sentences are also common. So, rather than deal with the aftermath of violations, take these steps to benefit your organization, encourage patient privacy and be HIPAA compliant all while remaining relevant in the social media space!