4 Things You Need to Know about HIPAA and Social Media

HIPAA and Social Media Compliance

Many medical practices, whether independent or part of a larger organization, now use social media as an important way to reach the local market. While social media can be a powerful communication tool, care needs to be taken to ensure that patient information stays protected.

No medical practice wants to find itself in hot water over a HIPAA violation, yet every year some do. Most are unintentional, but all are embarrassing and costly, both to the individuals involved and to employers like you. Both PHI (protected health information) and ePHI (its electronic form) are protected by HIPAA, regardless of the technology platform used, and a social media post is no exception.

One recent example happened at Spectrum Health in March 2021. A group of resident doctors posed for a group picture in the operating room. Unfortunately, patient body parts were visible, and those patients had not signed consent forms to have pictures taken. Violations have been recorded by users on TikTok, Facebook, Twitter, Instagram, and even Yelp. Both the organization and the employee can be held liable for the same violation. Employees involved in a violation frequently lose their jobs at the very least, while some face serious charges and even loss of licensure.

HIPAA and Social Media Compliance Guidelines

Stay out of the news – and refresh your memory about social media and HIPAA rules with the following general guidelines from HIPAA Journal:

1. Develop an organizational policy regarding social media and how it is used for your practice, then make sure it is reviewed annually. New forms of social media become popular, meaning that the policy's language and examples may need to be updated.

2. Standardize the way in which the organization responds to social media comments from customers/patients. Even if a patient volunteers their own PHI in a public comment, the organization must not confirm, repeat, or add to it; acknowledge the comment without reference to the patient's care and continue the conversation offline through a private channel.

3. If any patient photographs, testimonials, or other features are used, written consent must be obtained from all patients involved before anything is posted.

4. All employees should be trained upon hire and annually about HIPAA, with social media as a part of that training. Employees should also be aware of the possible penalties for violations, including fines, loss of license, and even criminal penalties. Help employees understand the rules by using examples and scenarios to illustrate violations.

A complete HIPAA compliance program relies upon careful handling of PHI, documentation (such as HIPAA-compliant online forms), and continuing staff education to be successful.