Your patients are using social media to inform decisions about their own health care, so as a smart healthcare provider, you should be using social media, too. But because of non-compliance concerns, you also must be judicious with its use. Social media is anything but private—and it's practically permanent. Once you put something on the Internet, chances are really, really good it will exist there forever. You may think you deleted that tweet or picture, but if someone took a screenshot of it, you haven't actually eradicated it. That's why developing—and enforcing—a social media policy that accounts for HIPAA compliance is critical for your rehab therapy practice. Like the Under Armour rallying cry, you must protect this house—er, your practice—from the legal ramifications and negative publicity of poor social media management. Here are several tips to keep your practice safe and social:
- Make sure your social media policy covers the supervision of those staff members who handle your social media platforms.
- Educate your staff on social media itself, and train them on your social media policy. Then, work with them to address and resolve compliance concerns.
- Establish a system to capture, archive, and easily retrieve electronic communications. As this Forbes article advises, you “may be required to produce information requested by the opposing party, which may include social media” if you ever find yourself in a lawsuit.
- If possible, approve content before it gets posted on a social medium. If not, Forbes suggests implementing technology that can monitor real-time social media posts for you—and flag any posts with the potential for non-compliance.
- Create pre-approved content and macros—short snippets of text—your staff can use for regular status updates or when they need to quickly respond to patients in sticky situations.
- Don't provide medical advice over social media—to anyone.
- Monitor your social media platforms regularly to ensure their appropriate usage by your staff (and pesky hackers). Be sure to enforce your policy—including the consequences for breaking policy.
Seven social media compliance tips are great—but ten is even better, so here are three more tips from Tom Ambury, as adapted from this blog post:
- Perform and document a risk assessment of your social media platforms.
- If you plan to use patient information or photos in a post, do so only with their express written permission (that means you need to obtain signed consent forms). Not only is this a required step, it's also courteous to your patients.
- While you should strive to avoid posting any HIPAA identifiers whatsoever—even on your personal social media platforms—apply the “minimum necessary” rule when, um, necessary.
Social media is an important part of any company's marketing strategy, but like a quarterback without a good guard, it can leave your practice vulnerable. Don't get sacked by HIPAA violations like Aaron Rodgers did on Sunday night. Instead, use these tips to create a strategy strong enough to tackle any tough social media situation.