Prohibit your staff from making this No. 1 privacy mistake.
Start by realizing the potential for major problems. "Facebook and similar social forums can be a very dangerous world" in terms of privacy, warns Jim Sheldon-Dean, principal and director of compliance services for Lewis Creek Systems in Charlotte, Vt. "Never assume that anything that [is posted on a social media forum] is going to be private."
Develop A Policy And Procedure To Cover The Privacy Bases
You should formulate a policy addressing the dos and don'ts for using online media, including what staff can and cannot say in that forum -- "and under what circumstances," says Sheldon-Dean.
Must do: The policy should prohibit staff from posting any specific information about a patient on a social media site, in the view of Heather Berchem with Murtha Cullina in New Haven, Conn.
In fact, some experts advise against posting anything about patients whatsoever. Berchem does not know of any provider that has forbidden staff from consulting with each other on various discussion forums, which are often hosted by professional organizations. But those discussions should be generic, she stresses, such as "'how would you handle a patient who does x, y, or z?' That's different from posting that 'we had a patient ... today who is doing x, y, and z.'"
Beware: In theory, staff who post certain information could be risking privacy issues, experts caution. The policies should also let employees know that posting pictures that include patients could "infringe on residents' privacy rights," Sheldon-Dean warns. Under HIPAA, you'd have to obtain an authorization before posting such a picture, he instructs.
Get the inside scoop: When training staff to use online social media appropriately, include input from people who really understand how the social media works, advises attorney David Harlow with The Harlow Group in Newton, Mass. For example, "find a young person on staff or someone who uses the various social media forums on a regular basis to help with the training. Use real examples."
Train Staff Not to Take the Bait
Suppose a patient's family member blogs or tweets that their loved one wasn't treated well by your staff. If staff response to that post acknowledges that the patient is on service or provides any information about the patient, they could end up violating a patient's privacy, Harlow cautions. You could, however, respond in a generic way, saying your organization "has a comprehensive ABC Services program. Check it out at our website."
Monitor and Respond
Providers should monitor various forums so they know what's being said about them -- "both good and bad," advises Harlow. "You can't necessarily monitor stuff on Facebook, but people blog and post comments on Twitter. All of that is searchable on the Internet." Or "you can use Google alerts or proprietary tools to track what's being said," he adds.
Then use that information proactively to correct misperceptions and rectify situations, Harlow suggests. If you address a quality issue, post an article or press release on your blog or website touting the quality improvement.