Social media is a great tool for growing a healthcare business and connecting with patients on a new level. You have the ability to establish expertise, provide education, and create a brand. But, social media comes with certain risks for healthcare professionals who are not careful. This is important as HIPAA violations can have serious consequences.
The basic rules of engagement are simple: Don’t post too many times in one day, don’t make every post a self-promotion, and don’t forget to proofread. However, medical professionals must also keep HIPAA — The Health Insurance Portability and Accountability Act — in mind when using social media.
Read our HIPAA guidelines for three tips to avoid privacy violations when building your online presence.
Patrol for protected health information protected by HIPAA
HIPAA outlines 18 types of protected health information, or PHIs, that could reveal the identity of a patient. If any information you share online includes details that could lead back to a specific patient, you’re violating in HIPAA compliance.”
The information provided in your own social media profile — names, locations, photos, dates — combined with even minimal information from the post could paint a surprisingly clear picture of PHI with minimal detective work. You might think you’ve disguised their identity, but a good rule of thumb is to leave any biographical information out when posting on social networks.
Remember to also use a critical eye when it comes to sharing images. Do a quick scan to make sure a patient or their files aren’t visible in the background of a seemingly harmless office snap.
If your practice wants to use photography for marketing or educational purposes, ensure you have proper patient consent. Create a form that explicitly states why a photo or video is being taken and retains your rights to the imagery.
Maintain a professional profile
There is a difference between your personal and professional online presence. Although social media platforms can be a great tool for friends to stay in touch, using social media for business requires greater professional distance.
And while an increasing number of people are becoming active on social media, you should never post directly to a patient’s profiles or tag their account in a post, as this would be a violation of HIPAA laws. A patient might engage with your online presence on their own accord, perhaps through a comment on a Facebook post or a review on your Healthgrades profile. Don’t be afraid to respond back, just leave any additional details about the patient or their treatment out.
Create a HIPAA social media strategy for your practice, and stick to it
An online presence is essential to healthcare marketing, even for the busiest doctor. Set yourself up for success by sticking to a consistent schedule and strategy. Create a HIPAA-compliant social media policy for your practice to establish a brand voice and stay safe. If additional help is needed, you can empower your front office staff with greater responsibility.
First and foremost, you’ll need to educate your staff on HIPAA. Anything they post will reflect back on you and your practice, so be sure that whoever manages your social media knows how to look out for possible HIPAA violations.
You also might consider implementing a social media style guide with HIPAA in mind, which can give direction on the best practices for your content, tone, and branding. For example, you could provide a repository of HIPAA-compliant responses for your staff to reference when engaging with patients.
Every social action you take online conveys something about your practice, so be sure you portray a positive image to your patients while also protecting their privacy.
Social media profiles and business listings are just one aspect of a healthcare provider’s online presence. For more tips, check out the blog “3 ways healthcare providers can build online presence.”