HIPAA Violations Resulting From Social Media Responses
It is always beneficial to have a social media policy in force for your practice. As always, when designing a policy such as this, you should have it reviewed by your business attorney.
Posted in Malpractice Insurance on Thursday, March 9, 2017
As human beings, it is often our natural tendency to want to defend ourselves as well as our team. However, should that defense tendency present itself as the urge to respond to a social media rant, care must be taken to not violate HIPAA – as well as other local, state and federal regulations.
Recent message board discussions and news headlines continue to include the topic of HIPAA violations from social media. Unfortunately, the playing ground in social media is not level for healthcare providers. This is because a patient may post information about their treatment or relationship with you as a healthcare provider; however, you cannot post any information which identifies them as a patient.
It is always beneficial to have a social media policy in force for your practice. As always, when designing a policy such as this, you should have it reviewed by your business attorney.
Once the policy is approved, have your staff sign off with the date they read the document. This acknowledgment should be maintained in the same manner as when staff members acknowledge your other policies.
Suggestions to consider when putting together a social media policy
- Rather than naming particular sites, such as Facebook or Yelp, a good way to start is by defining social media in broad terms. By using terms such as blogs, user generated content sites, etc., you will encompass not only sites with which we are currently familiar, but also those which may appear in the future.
- Limit or disallow any posting of content associated with your practice or patients, either directly or indirectly, on any social media site without the expressed permission from either you or someone in a management position who understands local, state and federal regulations.
- Prohibit the posting of any medical advice or commentary without proper disclaimers which have been reviewed and approved by your business attorney.
- Forbid the spread of any information which might violate any local, state or federal laws.
- Include your right to monitor and take appropriate action should any of your social media policies be violated.
If a social media rant should appear, take the rant seriously. In this case, you will have some time-sensitive choices to make, such as:
- You can ignore the rant.
- You can contact the patient offline to try to resolve the situation and ask them to remove the rant.
- You can contact the website and ask them to remove the rant if it violates their policy, of course you have to prove it is incorrect (without violating local, state and federal regulations).
- You can solicit positive reviews from patients to balance out the negative comments.
- You can reply to the situation generically online, without acknowledging the writer as a patient, expressing your interest in the writer’s concerns if they are a patient and offer the opportunity to address them by having them contact your office.
Above all, do not forget that the world is listening to your kindness and judging your professionalism.