Home Health & Hospice Week

Remember to train staff on your policies and procedures.

If you’re not careful, instead of a business boost, your social media efforts could bring you HIPAA violations, fines, state actions, civil cases brought by patients, and more.

Before you click “like,” upload your agency’s services to the web, or respond to questions, queries, and comments, you may want to consider asking yourself and your team why and how you plan to implement, utilize, and promote social media in your organization.

Reasoning: What you post says a lot about you, so outlining your objectives is always a wise decision from both a marketing and compliance standpoint. And the reason this is critical is because it is very easy to cross the line during digital discourse.

“I think there is a residual level of ignorance about HIPAA among many providers, when it comes to everything from social media to simple provision of individual access to medical records,” informs HIPAA expert Jim Sheldon-Dean, founder and director of compliance services at Lewis Creek Systems in Charlotte, Vermont. “Some just don’t seem to understand the rules until they’re faced with an enforcement investigation.”

Whether your staff are seasoned Instagram posters or can’t tell Twitter from Tumblr, you should include them — and ensure they’re adequately trained — on the intersection of HIPAA and social media.

Consider adding these items to your social media protocols:

• Define who will have access to the agency’s social media accounts.
• Nominate or hire a vetted employee to manage social media posting.
• Outline the Privacy Rule regulations fully for staff, including what constitutes PHI.
• Establish privacy requirements for your agency that are compliant with state and federal privacy and security standards.
• Train both administrative and clinical staff on HIPAA and social media.
• Ensure individual staff know what social media protocols apply to them.
• Create a staff policy on using social media at work and stick to it.
• Prohibit staff from posting pictures, agency logos, and clinical information on their personal accounts.
• Acquire written authorization from patients before taking photos, uploading images, or explaining procedures on the practice social media.
• Execute an enforcement plan for staff who don’t follow the rules.
• Institute social media incident response and breach policies and make sure all staff know them.
• Incorporate username and password protocols to ensure insider threats are a minimum.
• Audit agency social media interactions often to ensure compliance and update policies accordingly.

Consider These Restrictions For Docs Especially

If you employ or contract with physicians, be sure they stay on the right side of all applicable rules. Most are aware of HIPAA, but physicians must also consider the Stark Law, state privacy rules, and medical board regulations.

The Federation of State Medical Boards offers many resources for physicians to remain compliant with their respective state’s medical boards. They offer these crucial reminders on how missteps on social media can have outsize consequences for physicians and their employers, up to and including physician license revocation.

“State medical boards have the option to discipline physicians for inappropriate or unprofes­sional conduct while using social media or social networking websites with actions that range from a letter of reprimand to the revocation of a license,” warns the FSMB.