Your patients are using social media to inform decisions about their own health care, so as a smart healthcare provider, you should be using social media, too. But because of non-compliance concerns, you also must be judicious with its use. Social media is anything but private—and it's practically permanent. Once you put something on the Internet, chances are really, really good it will exist there forever. You may think you deleted that tweet or picture, but if someone took a screenshot of it, you haven't actually eradicated it. That's why developing—and enforcing—a social media policy that accounts for HIPAA compliance is critical for your rehab therapy practice. Like the Under Armour rallying cry, you must protect this house—er, your practice—from the legal ramifications and negative publicity of poor social media management. Here are several tips to keep your practice safe and social:

  1. Make sure your social media policy covers the supervision of those staff members who handle your social media platforms.
  2. Educate your staff on social media itself, and train them on your social media policy. Then, work with them to address and resolve compliance concerns.
  3. Establish a system to capture, archive, and easily retrieve electronic communications. As this Forbes article advises, you “may be required to produce information requested by the opposing party, which may include social media” if you ever find yourself in a lawsuit.
  4. If possible, approve content before it gets posted on a social medium. If not, Forbes suggests implementing technology that can monitor real-time social media posts for you—and flag any posts with the potential for non-compliance.
  5. Create pre-approved content and macros—short snippets of text—your staff can use for regular status updates or when they need to quickly respond to patients in sticky situations.
  6. Don't provide medical advice over social media—to anyone.
  7. Monitor your social media platforms regularly to ensure their appropriate usage by your staff (and pesky hackers). Be sure to enforce your policy—including the consequences for breaking policy.

Seven social media compliance tips are great—but ten is even better, so here are three more tips from Tom Ambury, as adapted from this blog post:

  1. Perform and document a risk assessment of your social media platforms.
  2. If you plan to use patient information or photos in a post, do so only with their express written permission (that means you need to obtain signed consent forms). Not only is this a required step, it's also courteous to your patients.
  3. While you should strive to avoid posting any HIPAA identifiers whatsoever—even on your personal social media platforms—apply the “minimum necessary” rule when, um, necessary.

Social media is an important part of any company's marketing strategy, but like a quarterback without a good guard, it can leave your practice vulnerable. Don't get sacked by HIPAA violations like Aaron Rodgers did on Sunday night. Instead, use these tips to create a strategy strong enough to tackle any tough social media situation.

The PT Patient’s Guide to Understanding Insurance - Regular BannerThe PT Patient’s Guide to Understanding Insurance - Small Banner
  • The Healthcare Provider's Guide to HIPAA-Compliant Marketing Image

    articleSep 14, 2017 | 6 min. read

    The Healthcare Provider's Guide to HIPAA-Compliant Marketing

    In 1966, US Congress passed the Health Information Portability and Accountability ACT (HIPAA). And as we explained here , this “dense piece of legislation...has serious implications for virtually all medical professionals, including physical therapists, occupational therapists, and speech-language pathologists.” Specifically, all HIPAA-covered entities—and that includes providers, payers, and business associates—“must follow certain rules governing the way patient protected health information (PHI) is collected, shared, and used.” And consequences for HIPAA breaches can be severe. While you may …

  • Sink or Swim: How Well Do You Know HIPAA? [Quiz] Image

    articleAug 30, 2016 | 1 min. read

    Sink or Swim: How Well Do You Know HIPAA? [Quiz]

    The threat of a HIPAA violation or breach is almost as scary as the thought of dangling your feet into a murky lake. (I mean, who really knows what lurks in dark water? Yikes!) That’s why we created this HIPAA quiz—to help you figure out how well you can navigate even the sketchiest of situations. And while we can’t promise that you won’t ever run into a lake monster, we can certainly say you’ll come out the …

  • 5 Things Small Practices Need to Know about HIPAA Image

    articleSep 20, 2017 | 9 min. read

    5 Things Small Practices Need to Know about HIPAA

    The Health Insurance Portability and Accountability Act of 1996 —a.k.a. HIPAA—does not distinguish between large and small practices. Fortunately, regulators do. While the law imposes the same requirements upon solo practitioners and large rehab hospitals, the manner in which those requirements are applied may depend upon your practice size. Contrary to what many providers believe, the onus of HIPAA’s requirements won’t hamper your clinical practice. In fact, I’ve found that they actually do the opposite: HIPAA provides …

  • The PT's Guide to Surviving a HIPAA Breach Image

    articleNov 9, 2015 | 5 min. read

    The PT's Guide to Surviving a HIPAA Breach

    Whether it occurs as the result of a lost work laptop or stolen patient files, a data breach of the Health Insurance Portability and Accountability Act (HIPAA) is a worst-case scenario for healthcare providers (and patients). If you’re a healthcare provider, the minutes, hours, and days following a breach are nearly as important as the steps you take to prevent those breaches in the first place. If you experience a HIPAA breach, here’s what you can do …

  • A 10-Point Plan for Smart and Secure Electronic Communications with Patients Image

    articleMar 15, 2018 | 8 min. read

    A 10-Point Plan for Smart and Secure Electronic Communications with Patients

    As emails and text messages have become ubiquitous, patient expectations around provider responsiveness have increased. Gone are the days when providers set aside time each afternoon to return calls; now, they can simply respond to their patients’ texts—but should they? Many physical therapists, regardless of their practice model or patient population, are surprised to learn that they may not be allowed to interact with patients in the manner they—or their patients—prefer. These same providers are typically even …

  • Is Your Practice HIPAA-Compliant? [Quiz] Image

    articleDec 12, 2018 | 1 min. read

    Is Your Practice HIPAA-Compliant? [Quiz]

    Back in 1996—long before the days of social media and smartphones—Congress passed the Health Insurance Portability and Accountability Act (HIPAA) as a means of governing the manner in which providers, insurers, and business associates collect, share, and use patient protected health information (PHI). Ultimately, it’s in everyone’s best interest to ensure that patient information remains private, but adhering to all HIPAA rules can be a daunting task for even the most seasoned provider—especially in the age of …

  • 6 Common HIPAA Compliance Issues to Avoid Image

    articleNov 12, 2015 | 3 min. read

    6 Common HIPAA Compliance Issues to Avoid

    I’m going to turn the lights down low, burn a few candles, play some Norah Jones, and slip into something a little less comfortable: Health Insurance Portability and Accountability Act compliance ( yeah, baby ). Okay, so maybe it’s not the sexiest of topics, but familiarizing yourself with the most common HIPAA compliance issues helps keep your practice in the know—and out of the jailhouse. So, let’s strip it down, shall we? First Things First If you …

  • HIPAA Rules for Marketing and Sales Image

    articleMay 20, 2014 | 5 min. read

    HIPAA Rules for Marketing and Sales

    Today’s blog post comes from compliance expert Tom Ambury of PT Compliance Group and WebPT writer Erica Cohen. Before you get too far into your plans to beef up your clinic’s sales and marketing efforts, remember that you’re a healthcare provider first, which means you’ve got some HIPAA hoops to jump through (ahem, rules to follow) that the small business owner down the street probably doesn’t have to worry about. Before we get into that, though, let’s …

  • Common Questions from Our Patient Sticker Shock Webinar Image

    articleMar 31, 2017 | 33 min. read

    Common Questions from Our Patient Sticker Shock Webinar

    From copays and deductibles to payer contracts and benefits verification, understanding all the nuances of third-party insurances is tough enough for healthcare providers—let alone their patients. In WebPT’s most recent webinar— Suppressing Sticker Shock: How to Handle Your Patients’ High-Deductible Health Plans —co-hosts Heidi Jannenga, PT, DPT, ATC/L, the cofounder and president of WebPT, and WebPT CEO Nancy Ham provided a lot of great advice on how to have productive conversations about healthcare costs with your patients—without …

Achieve greatness in practice with the ultimate EMR for PTs, OTs, and SLPs.