Clearly, there are a host of benefits to using social media for your business, but it’s important to do it right – without privacy breaches. The risks and dangers can be significant, yet with a little bit of know-how and planning, you’ll protect your medical practice and appease your Privacy Officer.
Firstly, be sure to take the following into consideration:
- Create and implement a clear social media policy.
- Educate your workforce on the policy and HIPAA. Use examples to demonstrate how posts can violate HIPAA.
- Be vigilant and train staff regularly to recognize Protected Health Information (PHI).
- Encourage staff to report violations of HIPAA and/or your social media policy.
Now that you have those in place, beware of the following in your social media and medical practice Internet marketing to avoid causing a privacy breach.
Patient photos
Never post a photo of a patient. Ever. Posting photos of patients is high-risk territory and should be avoided at all costs, unless the patient has signed specific authorization allowing their photo to be shared.
Anonymity
Never disclose information online. Sometimes, apparently harmless comments can still be traced back to a patient, especially in smaller communities. Discussing a treatment or sensitive facts about patients (even when the patient’s name is not disclosed) can still breach HIPAA policy.
Inappropriate information
Having a rant online, even indirectly about patients (i.e. “dealing with too many arrogant footballers tonight!”) can often lead to privacy breaches. Expressing thoughts such as these online are an absolute no-no.
Affecting a person’s dignity
[related_content]
Imagine a post such as “looking after the most demanding patient ever!” and the potential hurt or harm a post such as this could cause. If the patient, or a relative or friend of the patient, was to see this post, the implications are very serious with respect to patient dignity and rights.
Social media is now embedded in medical marketing services, but setting a social media strategy shouldn’t just include the PR or marketing departments. Education and training should also be part of your overall strategy to ensure that everyone within the organization has a clear understanding of HIPAA and how to avoid privacy breaches.
