
 

Social media presence is an essential component of your practice’s digital strategy. Being active on social media provides excellent opportunities for your practice to share updates, make announcements, promote your services and connect with your community. This marketing strategy is becoming more and more commonplace given the proven boost to business that it spurs. However, you must remember that nothing on social media is ever truly private. Even in a closed group or a one-on-one message, exchanges can be documented and shared. As a business on social media, it is your obligation to act as such – be professional.    

 

For medical practices, safeguarding protected health information (PHI) is your responsibility. HIPAA (Health Insurance Portability and Accountability Act) is one of the biggest concerns for private practitioners and larger hospitals alike. Proper compliance with HIPAA keeps doctors, patients and staff safe and law-abiding.

 

Let’s get into some ways to be HIPAA-mindful when on social media…

 

DO stay current

Laws can change. It is the duty of each person working for your practice to know (and keep knowing) all the rules and regulations of HIPAA. Make a habit of regularly checking the website of the U.S. Department of Health and Human Services.  You will find rules, updates and news to keep you in the loop with the latest.

To drive the point home once more – EVERYONE who works in your practice needs to be trained in HIPAA compliance and continue to be well versed in the rules. Even if they have nothing to do with social media or any public-facing duties, there is always room for error.

 

DO be prepared

Create a guide for your social media strategy! It’s not only fun but incredibly helpful. Lay out the policies that everyone should adhere to when online as employees or as the practice itself. Everyone should be familiar with it, but keeping copies on hand won’t hurt. In your guide, establish policies such as logos, brand colors and posting frequencies, but also get into the nitty-gritty such as off-limit words or phrases, inappropriate content and confrontational patients.

Again, proper training is non-negotiable. You want to walk employees through real-life data breach scenarios to best prepare them. Challenge them to use their HIPAA training and common sense to come to a resolution. Afterward, discuss the decisions that were made, whether or not they comply with the guidelines and whether or not people feel like they are ready to take ownership of the responsibility.

 

DON’T mix home life and work life

Don’t mix business and pleasure. Website, email accounts, social media profiles – personal and work should always remain separate. It’s not unthinkable for a patient to start feeling a little too chummy and decide to send you a friend request or shoot you a personal email. This can happen to both physicians and staff. Things can very easily get messy and quickly put you at risk for violations and fines. The best course of action is to keep everything public facing. If a patient does reach out to you via a personal method, simply direct that person to the business accounts. You are not required to delve any deeper than that.

 

DON’T talk about patients

Never post about patients. Ever. Not even in broad, general terms. Even if you think you’re being subtle, you’re not. Keeping a patient’s identity completely anonymous is extremely difficult to do. The best thing to do is to avoid identifiers entirely. Never include basic details such as race, gender, appointment date, appointment time and practice location. Given the right reader, it could be possible to deduce who that patient is, and their privacy would then be compromised.

 

Here’s a great rule to stick to when it comes to talking about your practice on social media: when in doubt, just say no. If there is any chance at all that the information you are about to post could violate the privacy of a patient, just don’t do it. Stick to patient-free news about your practice: new procedures, insurance updates, recent awards, new employees, etc. Create a social media guide and stick to it. Additionally, ensure that everyone in your practice gets familiar and stays familiar with HIPAA compliance. Keep your practice and your patients safe.