5 Things Healthcare Employers Need to Know About Social Media Compliance
By Brain Barajas
Dallas, TX | Posted April 4, 2016
In the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association’s (HCCA) Compliance and Ethics Hot Topics for 2016 Survey, employers across all industries selected social media compliance risks as the second highest area of concern, second only to cybersecurity and cybercrime. For healthcare employers, however, social media compliance risks was the top concern.
After listening to a February HCCA webinar presented by Kortney Nordrum, attorney and social media expert at HCCA, it was very clear why healthcare employers have more reasons to be concerned about social media. A 2015 version of Nordrum’s presentation is available on The Compliance and Ethics Blog, but this article covers some of her session’s highlights and how healthcare employers can get started with managing social media and the risks and benefits that come along with it.
1. Social Media is Not Going Away
By now, social media is just another aspect of life. As a healthcare organization, both employees and patients are using it. From a marketing perspective, search engines like Google index social media posts, which means your organization’s social media activity can be found through searches. Having a strong social media presence can influence decision-making, so it’s important that healthcare organizations have a social media strategy that involves collaboration with the compliance department in order to mitigate risk.
While social media is an area of concern for many reasons, it can also be very beneficial for healthcare. For example, a 2012 study by the Journal of Medical Internet Research found that 60 percent of doctors believe social media improves the quality of patient care they deliver.
2. HIPAA Compliance Can Be Tricky with Social Media
It can be very easy to violate the Health Insurance Portability and Accountability Act (HIPAA) on social media if your organization does not have a clear policy. In an article for Law360, Kyna Veatch, President at Veatch Ophthalmic Instruments, offers the following suggestions for avoiding HIPPA violations on social media:
- Avoid “friending” patients and clients.
- Understand that HIPAA lists 18 personal identifiers including photos, neighborhoods, birth dates and vehicle identifiers. In small communities especially, people can quickly determine who is in the hospital and for what with just a few details.
- Healthcare professionals do not have the right to transmit by electronic media any image of a patient.
Even if your organization does not use social media as a marketing and branding tool, it may still be a good idea to offer social media and HIPAA compliance training to your staff so they understand that innocent comments about patients on social media, for example, could result in a HIPAA violation.
3. The AMA Has Issued an Opinion on Professionalism in the Use of Social Media
The American Medical Association (AMA) Opinion 9.124 outlines that physicians should weigh a number of considerations when maintaining a social media presence:
- Be cognizant of standards of patient privacy and confidentiality that must be maintained in all environments.
- Use privacy settings to safeguard personal information and content to the extent possible, but understand that content on the Internet is there permanently.
- Consider separating personal and professional content online to maintain professional boundaries.