In this ever growing age of technology just about everyone is using social media for their business as a tool for sharing information. A few weeks ago I published an article via Patricia Redsicker’s website about this very topic and now I’m bringing this very important information to the Design Theory readership.
The e-patient movement actively uses social media to inform themselves and each other about health and wellness issues, breakthroughs and programs. Social media is not only quick but also quite cost-effective. But when it comes to the sticky topic of patient privacy and HIPAA, the fast and fun use of social media becomes guarded like the White House.
Healthcare businesses want a seat at the social media table too but come under heavy scrutiny (and sometimes fire) for using blogs, Twitter, Facebook and other channels. Although there’s no rule saying you can’t use these platforms for healthcare marketing, no one wants to pay heavy fines for breaching the laws protecting patient health information.
So let’s take a look at 5 ways you can ensure HIPAA compliance within social media use.
#1. What’s the Motive?
The primary goal of any social communication from a healthcare practice or marketing company should be to educate and help patients, families, and employees improve their knowledge of health-related topics and their overall well-being. That said the information should be generalized to protect the personal identity and likeness of any patient.
#2. To Post or Not to Post
Make sure you do not post any protected health information (PHI) or patient related imagery that can be linked back to a particular person via any social media channel or professional blog. While it is acceptable to post photos of your facilities, staff, and marketing images for different campaigns, be sure to crop out images of patients visiting your business unless they have consented in writing.
#3. Monitor Your Online Discussions
If a healthcare business is using social media to reach patients and colleagues alike, tread lightly when engaging in online discussion forums that go from generalizations to specific advice. Healthcare professionals need to proceed with caution and may want to include a disclaimer on blogs and web pages where they provide health information. Another layer of protection is to always encourage people to consult with their own physician or come to the office for an in-person consultation.
#4. Get it in Writing
A great way to market within the healthcare community is to publish “human interest” stories, which include stories from real patients. These important stories can be published on social media channels as long as they don’t violate HIPAA. If you are interested in using a patient’s likeness for any kind of promotional use, you are required to get written authorization granting permission to use protected health information (PHI) for specific marketing literature, campaigns or videos.
#5. Go With Your HIPAA Gut
If you’re in doubt about any content that you are creating, publishing or sanctioning others to publish, go with your gut – the age old saying “if in doubt, don’t” should be your general rule of thumb. Also any concerns or questions as to whether or not a line is being blurred or crossed should be vetted by HIPAA-trained staff member to ensure compliance.
It is perfectly fine for healthcare companies to use social media for broadcasting their message, engaging a following, and driving traffic back to their website. But all this must be done within the HIPAA confines to ensure that they don’t get into any kind of legal trouble. Violations of the unauthorized disclosure of identifying health information can result in fines up to $250,000 and/or imprisonment in addition to sanctions for an ethical breach.