In a recent post about the state of social media in the healthcare industry, I talked briefly about the major risks and challenges associated with taking a healthcare system social. But, there can also be immense benefits.
What are the risks?
The risk that gets the most attention from C-level executives is managing patient privacy.
Being a social health system requires that the proper people, policies, and protocol are in place in order to avoid HIPAA violations.
Make sure that you have a team identified for managing communication if a HIPAA violation is at risk, especially if you have a large social media workforce. These concerns are not something to be trifled with, and it’s important that each individual knows their place in mitigating the risk. Do you have a member of your organizations legal team available to review digital conversations? Who is responsible for crafting messages to social media users who have addressed a specific and personal health concern via social media? Whose final approval is needed before interacting with a user on social media that could potentially involve Protected Health Information (PHI) being shared?
Having a social media policy for both users who interact with your health system on social media is just as important as having a social media policy for your employees.
For the public:
It’s important to note in your social media policy that dialogue on social changes should not be construed as medical advice, professional services or recommendations. It’s also important to point out that social media is not a place for patients to post their own Protected Health Information. While this is not a fool-proof method for avoiding HIPAA violations, it is important to remind users and patients that their information cannot remain private if they share it publically via social channels.
While I am a firm believer that employees of any organization should be able to use personal social media accounts without interference from their employers, I am also a firm believer that the use of social media should not negatively reflect the image of your employer. For healthcare professionals, there are greater risks involved. At the end of the day, all you really need to remember is: DO NOT post ANYTHING related to your day at work or the patients you encountered. Something as simple as communicating gender and symptoms can be considered a HIPAA violation, and it will result in the loss of your job.
While I’ve never been an advocate of “canned” social media responses, they are important to have on-hand when a possible HIPAA violation occurs. Sit down with your social media team and legal counsel to determine the best course of action if the risk of a HIPAA violation is imminent. Talk about things like messaging, terminology, and phrasing to be used in responses and protocol for removing posts, comments, tweets, etc. containing PHI from the digital space. Unfortunately, as we all know, once it’s posted, it’s never truly deleted, but it’s important to have a process in for mitigating the risks associated with PHI being shared.
What are the rewards?
With proper education for your social media team and organization employees, social media can be truly beneficial to a health system. Having a social presence allows a health system to build trust, place itself as a thought leader, and cultivate a digital community. Let’s discuss the rewards – and how to measure them – at a later date.