Sorting Out the Confusion of Social Media and HIPAA Regulations

As more healthcare organizations and medical practices adopt social media forums like Facebook and Twitter to interact and connect with their patients, more concerns and questions are raised about how to be compliant with HIPAA regulations while being effective online.  While there are many “gray areas” that can be confusing, practices can move forward with a presence in social media while staying within the patient privacy guidelines of HIPAA.  Here are a few thoughts to consider when looking at your strategy for online interaction from two industry experts, a healthcare attorney and a medical marketer.

1. Get it in Writing.  Remember that your website, online forums, Facebook Fan Page and Twitter account is to promote you, the physician/practice/hospital/organization, not your patients.  As with every other medium in advertising, displaying information about the practice and physicians is acceptable, but sharing information that may identify your any of your patients is not.  If you are going to use pictures of patients or testimonials make sure to get consent in writing from those patients and keep them on file.

2. Use disclaimers to protect you and your practice.Disclaimers on your website, Facebook Fan page and Twitter can save you from a HIPAA disaster.  David Harlow, Principal of The Harlow Group, L.L.C. states in his blog; “My take: include disclaimers and warnings galore, so that posting in such a form constitutes consent to the public discussion.”  Making it clear to your patients that the information they are sharing with you in a social media outlet will be public helps to ensure your practice remains HIPAA compliant. It is also important to use disclaimers for the health information you share on your social media forums, informing your patients that they should consult you for specific diagnoses and the information shared is purely educational.

3. Deal with patient sensitive issues in confidence.  By opening yourself up to patient comments and interaction through social media, you may face issues with negative patient experiences being exposed.  If these instances do come up, address the situation in a confidential, personal matter with the patient responsible for sharing that information.  While you can make a generic public comment such as “We regret hearing about this negative experience and look forward to addressing the matter promptly.”  Harlow recommends in his blog that a practice set up specific policies for dealing with negative comments from patients, both online and offline; “The social web does not always require the creation of new rules of the road; often, it requires a re-examination of organizational culture and approach in other contexts, and those approaches may then be extended into the web 2.0 environment.”

The key takeaway item is to use common sense when formulating your strategy for an online presence.  Many of the same offline HIPAA regulations apply online as well, so continue to ensure the privacy of your patients while building your practice’s brand online. 

For more information on David Harlow and The Harlow Group, please visit his website and read his blog, “The Lawyers Don’t Always Say No: Bringing Legal into Healthcare Social Media Strategic Planning” for more details and suggestions to be certain your practice is HIPAA compliant online.

Reblog this post [with Zemanta]

Submit a Comment

(e)merge © 2012   |