5 Ways Your Healthcare Practice Can Use Social Media While Staying HIPAA-Compliant

Imagine this: you’re a doctor working for a big hospital, and your practice has a Facebook page. You and your staff maintain your own Twitter accounts. You’re probably on Reddit, too, or perhaps you have some videos on YouTube.

Your biggest concern is the Health Insurance Portability and Accountability Act. You know that HIPAA requirements can complicate things when you use social media.

But still, there are some ways healthcare firms can use social media in this age of the HIPAA.

What Is HIPAA?

The Health Insurance Portability and Accountability Act is a set of rules and regulations that will guide you in dealing with sensitive patient data. If you deal with protected health information, you will need to make sure that it is secure.

You are required to use all means to secure the data physically. For instance, you need to make sure that paper copies of your patients’ data are kept in a locked filing cabinet inside a similarly secured room.

Further, you need to make sure that your processes and IT can keep up with security. For instance, you should make sure that patient information in digital files is safe from hackers. Or if hackers do successfully attack your organization and get the data, they shouldn’t be able to openfiles or interpret the data. Typically, encryption is used to make sensitive data indecipherable even if it’s accessed by unauthorized persons.

Who Is Affected by HIPAA?

Anyone who provides treatment, as well as those who handle payments and operations in a healthcare firm, are covered by the HIPAA.

Basically, everybody who has access to patient information must comply with HIPAA. Subcontractors and other related businesses should also be in compliance.

What Can You Do on Social Media?

Social media has proven to be a great way to market your practice and reach people you otherwise have no means of contacting. You are putting your business out there for people who may need the medical care and services you provide.

It’s also an excellent way to share what you know and what you’re passionate about by sharing informative articles and content written by you or your staff.

But in this age of HIPAA, some doctors, hospitals, and other covered healthcare professionals are hesitant to use social media at all. What makes it all more confusing and complicated is that HIPAA was introduced long before Facebook. The rules, as they pertain to social media, are not clear.

So, how do you use social media for your purposes and still remain in compliance with these rules?

1. Show how good you are.

The best testimonial out there is your work. So if you need to, you can show before and after images of your work.

For instance, if you’re a plastic surgeon, you can show images of a patient before they underwent a procedure, and then you can post the results.

However, you should first obtain the patient’s written permission to use the images in your marketing.

2. Educate your patients and the general public.

No matter what content you have, it will not be useful if nobody reads it. That’s why you should come up with entertaining, informative, and educational content so that people will discover your practice and follow you on Facebook, Twitter, Reddit, or other popular social media platforms.

Videos are one of the best ways to get people hooked on what you have to say. Keep it simple, direct to the point, and instructive.

One-minute videos are very popular. They’re easy to watch and can often be more easily digestible for social media users with short attention spans. Your followers get to learn about the subject matter without having to spend too much time on it.

3. Convey your professionalism.

Are you a doctor that people can trust? Do you conduct yourself professionally? Are you the kind of healthcare professional they are looking for?

These are things that people can learn from your posts. You may not say it explicitly, but they will see it through the content you share.For instance, when you make tutorial videos, do you come across as credible? Do you seem like you know what you’re talking about?

Doctors and other providerswho have a jolly and easygoing personality should share posts that convey your disposition and your personal style. If you’re a pediatrician, for example, and you work well with kids and can make themfeel at ease, this should show in your videos as well. Parents will see you as more professional and laidback, making it easy for their children to trust and engage with you.

4. Listen to and join the conversation.

Social media is a place where you can learn more about your patients, competitors, and your industry in general.

Doctors and other healthcare professionals should be able to respond to negative reviews from their patients. Using social listening tools, you can know when somebody’s mentioned you on Twitter, Reddit, Facebook, and other channels.

Social listening is an excellent way to find any negative reviews about you and your practice. When you do encounter a negative review, respond and clear the air. You can also do some damage control.

Social listening is also a great way to keep on top of events and trends that affect your practice. If somebody mentions a new drug being developed or a new procedure that shows promise, then you will be informed if your patients ask about it.

5. Follow FDA rules, too.

You may be too focused on the HIPAA that you might forget about the Food and Drug Administration (FDA). However, you should be mindful of FDA rules if you’re marketing products on your social media pages.

When Kim Kardashian took to social media to promote a morning sickness medication, the FDA was not too happy about it.

If you are going to endorse supplements and medicines, you need to follow FDA guidelines on how to post it.

HIPAA rules apply when you use personal testimonials. You cannot publish the names of your patients who have taken a product or had a procedure, unless you have their written authorization to use their names and testimonials for your posts.

What You Can’t Do on Social Media

Now that you have an idea of what you can do for your practice or yourself on social media, you also need to know your limits.

What are the things you should avoid doing on social media?

1. Do not post any protected health information (PHI). You shouldn’t show pictures or videos inside your practice. You cannot show people in waiting rooms or lobbies.
2. Avoid posting videos and images of your patients even when you’ve blacked or blurred out their faces.
3. Do not show snippets of videos or photos that show identifying marks on the body, such as a tattoo or birthmark that may enable people to recognize the patient.
4. Never gossip about your patients. A report in the United Kingdom revealed that patient confidentiality was breached more than 800 timesfrom October 2010 to October 2011. Included in that number are nurses and doctors who gossiped about their patients and their diseases on Facebook.
5. Do not tag patients in your post. You may not have revealed information on your Facebook status, but you directly tagged one of your patients in the post. Doing so can result in a breach of your patient’s confidentiality.

Patient Authorizations and HIPAA Compliance

Here’s a shortcut: If you want to remain HIPAA compliant, you need to protect your patient’s sensitive health data. The quick and fast rule is that if a piece of information can lead people to identify a patient, it’s subject to HIPAA and must be protected.

But doing so will lead you to miss out on opportunities to discover and sign up new patients, engage and inform the public, and do some marketing.

If you’re not sure that something is acceptable under HIPAA, then it’s best to be sure. Always get a written authorization from your patient if you are going to release personally identifiable data.

But what does a HIPAA authorization form look like?

A HIPAA compliant form should have the following details:

• Specifics of the information that will be shared on social media.
• How you are going to use the images or information that you get from them. You should specify if it’s going to be used on social media, your website, a blog post, or as part of an advertising campaign.
• The length of time these images or other information are going to be used. There should be an expiration date and conditions for renewal.
• The wording should be as clear and straightforward as possible. Avoid wording that is too difficult to understand. There should be no room for confusion. Being vague can land you outside of compliance city.
• You should also include a statement that says the patient can revoke any authorizations given to you for whatever reasons he or she might have. They can revoke at any time.
• You should also allow your patients to get a copy of the agreement if they want.

Use Social Media and Still Be HIPAA Compliant

We understand why you would be hesitant about using social media for your practice or organization. One wrong move or one careless post can land you in trouble.

Knowing what you can do on social media helps not only yourself but also yourorganization. There’s no reason to avoid social media and miss out on the benefits social media marketing can offer when you’re armed with knowledge on what to avoid.