You didn’t start it, but if you’re a medical practice, you could be liable for it. In a decade where everything is displayed on the internet, you’d think that the public would realize that there’s no such thing as privacy when it comes to the world wide web. Still, medical practices face the challenge of what to do when someone posts specific, private medical information on the practice’s Facebook page or other social media accounts.
The Health Insurance Portability and Accountability Act (HIPAA) safeguards patient information. In a nutshell, it means that only those involved in the patient’s direct care should have access to his or her medical information. According to Hive Strategies, a company that specializes in creating HIPAA-compliant online health care communities, a patient may disclose personal health care information on your site, but the minute you respond, retweet or share it on any personal accounts, you’re giving it “new life.” This could technically land you in hot water. In addition, your social media sites should be monitored regularly, and you should remove any posts from patients that divulge personal information.
Of course, the best way to avoid the problem is to keep patients from doing it in the first place. But how? The key is education.
Educating Your Patients
Use the blog
Many patients may not realize that they shouldn’t post personal health information on social media, erroneously thinking that only the physicians will be able to see it. One of the first steps is to educate your patients about what is and what is not acceptable to post on social media. One way to do this is to provide information in a blog post. By publishing a blog about the do’s and don’ts of putting information on social media, you help your patients make good decisions about who should—and should not—see their information.
Use posters around your office or waiting room to convey the importance of safeguarding privacy. This will warn your patients about the dangers of posting private health care information
Direct patients to your patient portal
Technology can be a useful tool to help patients and caregivers work together toward a healthier life, but at the same time, it creates several challenges. Patients may want to interact with their physicians online by asking questions, and even if they don’t post private information on the Facebook “wall,” emailing doctors through social media sites is a bad idea. These sites do not have the encryption levels needed to ensure a higher level of security. If you have a patient portal, it’s in everyone’s best interest to direct patients there. By distributing information about the portal, you may discourage patients from asking questions through inapproporiate venues. In addition, do not answer friend requests from patients on your personal Facebook page; that may indirectly encourage them to contact you through an unsecure email connection or even through your Facebook news feed.
If a patient is facing a serious health care issue, such as cancer or a kidney transplant, he or she will naturally want to keep friends, loved ones—and perhaps members of your health care team—up-to-date with the latest progress reports. However, your medical practice social media page is not the place for them to do so. The Journal of Pharmacy and Therapuetics suggests encouraging patients to set up a website specifically designed for posts regarding medical events, which they can do through non-profit sites such as CaringBridge.
Is your social media plan in place?
Social media has a lot of benefits, but before your practice launches its Facebook or Google+ page, you should have a detailed policy in place detailing the right way to use social media. Following are some useful resources for additional information:
- Your malpractice insurance
Often, insurance companies will have a list of suggestions for using social media the right way and for informing patients about the dangers of simply putting their medical information “out there.”
- Professional and regional organizations
The American Medical Association and similar groups have developed detailed policies and position papers concerning the use of social media.
- Peer-reviewed medical journals
These often contain useful information that can help you establish policies.
It may not be fair, but health care institutions are held to a much higher standard than patients when it comes to HIPAA. With a few simple precautions and a dose of common sense, you’ll be able to navigate this minefield.
Established in 2000, Proclaim Interactive is a think-out-of-the-box digital marketing agency located in Wilmington, NC. Proclaim Interactive provides website design, social media management, SEO and general marketing services designed to amplify clients’ messages. For more information, visit www.proclaiminteractive.com or call 910.795.4143.
American Medical Association. “Opinion 9.124 – Professionalism in the Use of Social Media.”
Farnan JM, Snyder SL, Worster BK, et al. “Online medical professionalism: patient and public relationships: policy statement from the American College of Physicians and the Federation of State Medical Boards.”
Hinmon, Dan. “Five Mistaken Beliefs that Lead to HIPAA Violations.” Hive Strategies.
Ventola, C. Lee. “Social Media and Health Care Professionals: Benefits, Risks, and Best Practices.” Pharmacy and Therapeutics