Ten years after the launch of Twitter, the advent of social media continues a new frontier for marketers across all industries. Part gold rush, part Wild West. This is especially true for those in the healthcare industry, which not only have to distinguish their practices among the noise, but do so without releasing PHI and violating HIPAA compliance. According to a recent AMA report on Social Media and the healthcare industry titled “Why Can’t We Be Friends”:
The use of social media in the healthcare setting raises a number of professionalism issues including concerns related to privacy and confidentiality; professional boundaries; recruitment; the integrity, accountability, and trustworthiness of health care professionals; and the line between professional and personal identity. Below we discuss the first issue, which is foundational to the others.”
In one study, 90% of doctors prefer open social media platforms to closed online medical communities, the opportunities for compliance issues are astounding. Thankfully balancing effective social media and compliance isn’t the tightrope walk it may appear to be.
We discussed some of the ins and outs of HIPAA compliance in a previous post. With HIPAA settlements routinely exceeding six figures having an understanding of the types of violations is the absolute first step in avoiding a catastrophic mistake. Part of that training should include the following considerations when dealing with social media.
This should go without saying but the fact is that we live in a world that generally believes that any and everything is worth sharing online. When it comes to HIPAA and social media doing things like sharing client related information, in particular the posting of unauthorized images on social media, has become a serious problem to the point of becoming a congressional conversation. Last month Senator Thomas R. Carper, in a letter to the Department of Health and Human Services’ Office for Civil Rights, brought to light the recent rash of nursing home employees posting inappropriate photos and videos of residents on social media. The letter was sparked by a ProPublica investigation that revealed thirty-five incidents across nineteen states in which photos of nursing home residents had their pictures posted without written or verbal permission.
Lower level support staff including technicians, administrators and maintenance can also trigger a HIPAA violation. For most folks, sharing about a rough day with a customer online is cathartic. For those working in healthcare, regardless of position sharing day to day work details can result in a huge fine.
Between social media apps integrating with everyday life more and more, combined with billions of users worldwide, even a momentary social media mistake can go viral. The assumption that the things you post, even if deleted a moment later, will potentially be seen by thousands and reside permanently on the internet will help ensure your additional attention to your posts, both professional and personal.
Developing protocols for your practice's and staff’s social media will not only make maintaining compliance easier it can also increase the efficacy of your campaigns. A solid social media plan includes a wide array of details including branding, key messages, posting times and scripts. Add to this guidelines for how staff should manage their social media with regard to office business and you’ll have a solid platform to launch your practices social marketing. Remember that while any HIPAA compliance issue can be devastating to your practice, one involving social media can also be damaging to your overall reputation. It’s bad when a single person happens to see a patient’s PHI, imagine when it’s exposed to millions on a social media network like Twitter.