Recent research has indicated that treatment results are better when patients are involved in their own healthcare. Social media acts as a channel that enables the patient-physician relationship to extend beyond face-to-face consultations. When doctors actively engage on social media, they have an opportunity to connect with patients and impact their daily routines. And it is not just the millennials who are social media-savvy; the 55- to 65-year age group is increasingly engaging in social media. In addition, social media is an ideal platform to connect with colleagues and peers. It is a perfect place to express opinions and share patient experiences. Often, these interactions contribute to an improved patient experience. However, while social media continues to grow in importance, the challenges associated with non-compliance with HIPAA rules are also on the rise.
Many practices understand that patients’ names should not be disclosed, but HIPAA rules go beyond protecting just names. In fact, medical practices should refrain from revealing any information that may help people guess the patient’s identity. To ensure that your social media activity is not revealing personal information about your patients, you must create a well-researched social media policy.
Take the first step to protect your online reputation and request your Online Reputation Assessment.
Here are some effective tips for medical practitioners for staying HIPAA-compliant when using social media:
- Never disclose PHI: Breaches of patient confidentiality can occur in a number of ways. To minimize the risk of disclosing protected health information (PHI), it is important to understand the 18 PHI identifiers – name, geographic information, dates, telephone numbers, fax numbers, e-mail addresses, social security numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, vehicle identifiers and serial numbers, device identifiers and serial numbers, URLs, IP address numbers, biometric identifiers, full-face images and other unique identifying numbers, characteristics or codes.
- Do not mix personal and professional profiles: Keep your personal social media profiles separate from your professional profiles. Even if you are an individual practitioner, you should maintain a separate social media profile for discussing anything outside of healthcare. Patients are visiting your professional page primarily to learn about your practice and get health-related tips. Use the highest security possible for your personal profile, and do not send or accept a friend request from patients.
- Seek patient consent: Healthcare providers are expected not to share patient-related information. While this seems straightforward, it becomes tricky if they want to blog about an interesting case in the office. The best practice when considering sharing details of a case online would be to ask the patient. Even if the patient seems comfortable with sharing the case details online, you should get it in writing. When creating the consent form, consult with a legal advisor to make sure you are covering the basics.
- Train your employees: You must make sure your employees are trained and clearly understand and follow your policies and procedures. You must learn if and how your employees use social media as that will help you create an effective social media compliance policy. Also, it is not just enough to just have a social media policy for your medical practice; you will also need a smartphone policy.
- Don’t criticize your job: We all have bad days on the job. In our social media-savvy world, people do not shy away from venting those frustrations online. However, with medical practitioners, venting online may inadvertently disclose personal details about a patient. Most healthcare professionals refrain from posting such content on their professional profile, but they may not think twice about posting it on their personal profile page. However, this too can get you in trouble. Even if you try to be anonymous, someone may still connect the dots.
- Do not offer medical advice: In case a patient contacts you through social media platforms and asks for medical advice, the best policy is to thank them for getting in touch and request them to schedule an appointment. You must always refrain from offering medical advice online.