Social media has become an integral part of the marketing mix for most hospitals and clinics today. It’s a dynamic medium offering a range of touchpoints that support two-way communication directly with target audiences. While engagement is an ideal metric of success, for healthcare organizations it comes with the challenge of balancing that engagement with protecting patient privacy and staying HIPAA compliant.
For example, Facebook’s recent changes to their check-in feature allow visitors to post a picture to your facility’s page. While a patient or visitor can share that photo without violating HIPAA, they could inadvertently violate another patient’s privacy should someone be in the background and unaware that their photo is being taken or shared. Facebook’s new check-in feature does not require approval from the page administrator or provide the ability to disable this functionality, which is a concern.
Here are a few tips and considerations to ensure your Facebook and other social media channels are not compromising patient privacy:
- If someone posts a photo to your organization’s Facebook page, don’t like or share it as the Facebook page administrator. While they have willingly shared their own information, taking action could be seen as confirming someone as a patient by HIPAA standards.
- Any organization using social channels for marketing should have a social media policy in place that includes guidelines and expectations for the social community manager, employees throughout the organization, and fans or followers interacting with the account. As HIPAA rules change, be sure to review your social media policy to reflect updates and keep employees informed as well.
- Similar to having a social media policy in place, healthcare organizations should also post signs in waiting rooms and other visible areas stating that taking photos in the building is prohibited. This serves as a notice to visitors, as well as a reminder for staff.
- Incorporate social media scenarios into your employee HIPAA training. Hospital and clinical staff go through HIPAA training and refresher courses regularly, which is an opportunity to provide tangible examples of how social media impacts patient privacy and ways to avoid both overt and inadvertent compliance issues.