Social media sites such as Facebook, YouTube and LinkedIn are becoming more popular with DCs. But how do you avoid violating HIPAA or privacy regulations as you increase your social media presence?
by Mike Whitmer in Social & Electronic Media on Tuesday, February 19, 2019
Here are some helpful tips:
If the practice plans to have its own professional page on social media sites
Identify the types of content you would like to include. For example, general information about a specific condition and how chiropractic care can help. Your social channels should not give healthcare advice, provide treatment options or share sensitive health information. This includes not sharing photos of your patients.
Determine who will represent the practice in responding to social media questions. Designate who will access, monitor, provide and maintain the content. Decide whether updates will only be done during working hours.
Provide your contact person with training on public relations and social media usage. This can range from e-training to in-depth consultant training. Responding to hostile online reviews requires deftness and tact. In the heat of the moment, it can be easy to overreact and make comments that have to be taken down later, after damaging the reputation of the practice.
Consider contracting with an IT consultant to set up your initial security, check the practice pages for issues and monitor for breaches in security.
If the practice plans to prohibit the use of social media and/or electronic devices
Identify who, what, when, where and how. Any devices that can text, photograph or video patients? All staff, patients, visitors and vendors? Make sure your policy notes any exceptions. For example, devices may be allowed in non-patient-care areas during designated breaks or in cases where a patient’s health and safety are in jeopardy.
Inform staff, patients, families and vendors about the policy and that everyone is expected to comply. Address the ramifications of noncompliance. For example, what disciplinary actions would be taken for noncompliant staff versus patients and family members?
Discuss with team members the importance of caution when sharing information on social media. Some people like to post their day-to-day frustrations on social media as a way to solicit support from friends. In the healthcare world, however, this is fraught with risk. Make sure your team does not share information or opinions about patients, even without names, on social media.
If the practice will train staff about potential HIPAA breaches through social media
Provide guidance to staff on what to avoid and what to do if PHI breach is suspected or confirmed.