Creating a HIPAA Compliant Social Media Strategy
Guest post by Erik Kangas, CEO, LuxSci.
More and more healthcare practitioners are turning to social media to disseminate health related information and communicate with customers and others in their field. However, healthcare practitioners should pay close attention to the information that they share out there to ensure that they comply with HIPAA Security Rule. Here are a few guidelines to assist you in implementing a social media strategy that complies with HIPAA standards.
What is HIPAA?
First, let’s begin with a basic understanding of the law. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law mandating the non-disclosure of private and personal patient information by healthcare professionals and their business associates. The exception to this rule is that the patient’s information can be shared internally within the confines of the hospital between doctors and healthcare professionals, or between the hospital and the insurance company for payment purposes. Unless the patient voids the non-disclosure, their information has no place outside of the databases of both the hospital and the insurance company.
Guidelines for remaining HIPAA compliant
An accidental error in the information that has been shared on social media can mean that HIPAA compliance has been inadvertently violated. While the mistake may not be on your part, it could mean a host of problems for you, your business, and your reputation. Staying cautious about the information that is disseminated through your organization’s Facebook, Twitter, or other social media pages is significantly important to your career.
Seek patient consent before you post anything – Before you write about a case, seek your patient’s consent. Confidentiality is a fundamental aspect of the relationship you share with those who have sought your professional assistance. Acquiring prior consent should never be overruled, regardless of whether your client’s identity has been omitted from the information you shared online.
Inform before you engage – Some patients are less private about their medical conditions, and would like to communicate with you through social media. You should attempt to take the conversation into the privacy of your workplace. If your patient persists on an online dialogue, inform them of the risks associated with revealing personal information online, then acquire the patient’s consent before communicating through social media.
Manage information posted onto your social media – Although you should not be held accountable for guest posts that violate HIPAA regulations, healthcare practitioners are subject to a different set of standards under the healthcare privacy realm. To be on the safe side, delete information that is protected or considered private under HIPAA. To avoid compromising situations, if any, post your policies directly on all your social media platforms.
Establish staff roles – Your staff members should know their roles in regard to your social media presence. Assign each member of your online team specific roles and responsibilities when it comes to protecting patient security on social media. Establishing specified duties will ensure compliance with HIPAA regulations and help you mitigate any issues that could potentially arise down the road.
Consult a HIPAA lawyer – While you may be well versed in the world of HIPAA compliance, there are many details to consider that are unique to your organization. Meet with a HIPAA lawyer to discuss the specifics of your online strategy and make sure all the nuances are compliant and accounted for.
All things considered, it is important to be cognizant of the information disseminated through your social media channels. While the online platform can be a very powerful tool when used to spread knowledge and awareness, and to communicate important healthcare messages with the general public, you are still responsible to comply with HIPAA regulations. When creating a HIPAA compliant social media strategy, keep the following in mind: always respect patient confidentiality; inform your patients about the risks associated with communicating online; always manage information posted onto your social media platform; ensure that staff members are aware of their roles online; and consult a specialist.