Social media sites such as Facebook, YouTube and LinkedIn are becoming the norm for practices. But how do you avoid violating HIPAA or privacy regulations as you increase your social media presence?
Posted in Risk Management on Tuesday, February 19, 2019
Here are some helpful tips:
Social Media Professional Page
Identify the types of content you would like to include. For example, general information about a specific condition and how chiropractic or naturopathic care can help. Your social channels should not give healthcare advice, provide treatment options or share sensitive health information. This includes not sharing photos of your patients.
Determine who will represent the practice in responding to social media questions. Designate who will access, monitor, provide and maintain the content. Decide whether updates will only be done during working hours.
Provide your contact person with training on public relations and social media usage. This can range from e-training to in-depth consultant training. Responding to hostile online reviews requires deftness and tact. In the heat of the moment, it can be easy to overreact and make comments that have to be taken down later, after damaging the reputation of the practice.
Consider contracting with an IT consultant to set up your initial security, check the practice pages for issues and monitor for breaches in security.
Address how inappropriate use of the site will be handled and identify the ramifications of noncompliance. For example: “unauthorized disclosure of PHI or inappropriate and/or unprofessional behavior will result in immediate termination of employment.” However, make sure your privacy policy is in harmony with your employment policies; workers have rights, too, and some attempt at remediation is often the correct thing to do.
Practice Prohibits the Use of Social Media and/or Electronic Devices
Identify who, what, when, where and how. Any devices that can text, photograph or video patients? All staff, patients, visitors and vendors? Make sure your policy notes any exceptions. For example, devices may be allowed in non-patient-care areas during designated breaks or in cases where a patient’s health and safety are in jeopardy.
Inform staff, patients, families and vendors about the policy and that everyone is expected to comply. Address the ramifications of noncompliance. For example, what disciplinary actions would be taken for noncompliant staff versus patients and family members?
Discuss with team members the importance of caution when sharing information on social media. Some people like to post their day-to-day frustrations on social media as a way to solicit support from friends. In the healthcare world, however, this is fraught with risk. Make sure your team does not share information or opinions about patients, even without names, on social media.
Train Staff About Potential HIPAA Breaches Through Social Media
Provide guidance to staff on what to avoid and what to do if PHI breach is suspected or confirmed.