Question: What if someone contacts our practice through social media and asks questions? Can we reply in the same way and still be HIPAA compliant?
Answer: One interpretation of HIPAA is if someone uses social media to ask your practice a question, this is implied consent for your practice to reply in that way, answers Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems LLC in Charlotte, VT. But this isn’t necessarily a sound way to address this situation.
Best bet: According to Sheldon-Dean, if someone contacts you via social media, your first reply should be: “Are you sure you want to communicate this way? Do you realize it’s not secure? Your information could be exposed. Do you want to continue communicating anyway?”
Sometimes, organizations are inclined to simply reply in the same manner in which a person is inquiring. “But I think when it comes to social media particularly, I think you want to make sure that you ask some questions and make sure [patients] understand what they’re doing and not just dive into it head-first,” Sheldon-Dean cautions.