Some practices are allowing HIPAA regulations (Health Insurance Portability and Accountability Act) to keep them from taking advantage of social media platforms such as Facebook, LinkedIn, Twitter, YouTube, Pinterest, Foursquare and blogging.
But if you’re having second thoughts about engaging with your potential patients on social media networks, you can be sure that your competition is way ahead of you. Take a look at these tips that will help ensure that you avoid HIPAA violations.
1. Keep your personal and professional life separate
Set up different social media accounts for communicating with friends and family, and share specific content on each of the accounts. Make sure you don’t share your vacation photos on your practice’s Facebook page. Create a specific Facebook business page for your practice, and not a personal page.
2. Never friend patients on your personal Facebook page
Having a dual relationship with a patient that is social, financial or personal can lead to serious ethical issues that can impair professional judgment. If you get friendship requests from your patients, ignore them and redirect them to your practice’s page. The simple existence of a patient-physician relationship could be a violation of HIPAA.
3. Do not practice medicine online
While it is possible to conduct a hospital-patient relationship online, best practice would be to initiate the relationship in real life and obtain the necessary authorization from the patient to continue the dialogue online. Even then, try to avoid practicing medicine online.
4. Get patient’s permission
For testimonials or success stories always get patients permission. Many practices have created patient waiver forms, which patients can sign to allow their stories to be publicized. Patients are often willing to sign waiver forms, once they understand your intentions of using the story for online/offline promotional material. Not everyone agrees to the request, but many do.
5. Let your patients do the promoting themselves
HIPAA regulations are only enforced for practices providing the care of the patient. Patients and their caregivers can tell their stories and post photos of themselves on a practice’s Facebook page freely. The Children’s Hospital of Boston is one of the leaders in the nation for social media efforts, and has more than 700,000 likes to its Facebook Page.
6. Instant Messaging
Interact with your patients online but take conversations offline. When you feel that comments or questions on your social media platforms are approaching HIPAA violations, take them offline. Ask the patient to call your hospital for more details or send you an email with their questions.
7. No Protected Health Information (PHI) may be posted
Facebook posts are not on the list of allowed disclosures of PHI and HIPAA privacy clearly specifies it. This applies whether the practice’s employees post while at work or on their own time.
8. Educate your staff
You practice’s staff members must also get acquainted themselves with HIPAA regulations. If your employees take a group photo of patients at an event, they must all have waiver forms signed in order to end the risk of a HIPAA violation. Make sure that all your employees who are participating in your social media on behalf of the practice, have been fully trained, and that they understand your policies and procedures regarding social media use.
9. Don’t be specific
When referencing particular conditions, cases, and treatments, be as general as possible. Do not describe specific detail (age, sex, occupation) that can be identified. Never mention a patient name without their consent.
For examples on how to run a social media strategy free of HIPAA violations, visit the Facebook page of Green Valley Kids.