The Challenges of Social Media and HIPAA Compliance
While digital technology and marketing are vital for your brand, they can also get you in trouble under the Health Insurance Portability and Accountability Act (HIPAA). The news is consistently reporting data breaches from the medical community, many of which arise out of physicians’ use of social media. The key takeaway here is that most of these instances could have been avoided.
Sharing too much information on social media platforms can have devastating consequences if patient-specific information is shared. To better understand how social media and HIPAA violations in your medical practice should be handled, we have put together a few tips. To gather some expert insight into promoting your health practice through technology correctly, we spoke with St. Louis Chiropractor, Vital Force. They gave us a few prevention tips that you will read below and stated, “The most important thing to remember is that even an innocent post on social media can get you in trouble with HIPAA, state privacy laws and state chiropractic boards.”
Typical examples of digital marketing HIPAA violations include:
- Posting verbal “gossip” about a patient to unauthorized individuals, even if the name is not disclosed.
- Sharing of photographs, or any form of PHI without written consent from a patient.
- A mistaken belief that posts are private or have been deleted when they are still visible to the public. Even if you have something set on private, don’t post it.
- Sharing of seemingly innocent comments or pictures, such as a workplace photo which happens to have visible patient files in the image.
What You Can Do to Prevent a Social Media and HIPAA Compliance Violation:
- Train Employees. Make sure to train all employees thoroughly on HIPAA privacy. Even employees that don’t normally have the task of marketing or posting on social media should understand the policy. If you don’t already have a policy written, Healthcare Compliance Pros created a sample Social Media Policy you can use that can be customized based on your organization’s specific social media guidelines.
- Don’t post anything about patients without them knowing and allowing. If you wouldn’t say something in a packed elevator or busy lunch spot, don’t post it online.
- Keep your personal and professional lives separate. Do not friend request patients from your personal accounts or like and comment on their posts. Have your posts set so that only your Facebook friends can view them and make sure you stay up to date on the ever-changing privacy settings.
- Don’t share or engage with others’ posts that are not HIPAA compliant. This includes liking, sharing, retweeting, commenting, etc. You don’t want your name on something that could be penalized.
By providing communication and training to employees regarding potential mistakes while using online marketing, your organization will ensure technology remains a powerful tool for sharing information and experiences and for expanding your business.