Social Media Policy

HIPAA Privacy / By

Social Media Policy – Do You Have One?

Your social media policy should define and control your organization’s use of social media.

Remember: There is no one size fits all solution, so what we recommend is to review a variety of approaches in order to determine what may work well for you. Here are some resources to help you get started.

Here are some things you should consider:

  1. Who gets to speak on behalf of your organization and under what guidelines?

For example, many organizations have selected an individual (or an organization) to serve as the “voice of the company.”

By taking this approach an organization can easily implement “message control” (and damage control when necessary).

  1. Be sure to use specific clarity that protected health information (PHI) is NOT to be shared online in any way, shape, or form without the express authorization of the governance committee and the patient.
  2. All workforce members, including doctors and volunteer workforce, need to be trained on the organization’s social media policy (including personal use at work) as part of HIPAA training and/or employee orientation training.

The list is not exhaustive. It is intended to get you thinking about the implications of social media and the intersection with HIPAA compliance.

Social Media Policy Concepts

Start by implementing a social media policy in your practice.

First create a policy that fits YOUR culture, how you practice and most importantly be sure patient’s privacy is at the forefront.

  • • Make it easy to understand. If you use buzzwords, tech jargon and legalizes you will confuse your workforce.
  • • Create a rollout plan for your new policy.
  • • Educate your workforce on your new policy.
  • • Don’t forget to include all relevant parties and departments when creating and reviewing your policy.

Helpful TipsSocial Media Healthful Tips

    • • Keep personal social media accounts separate from organization accounts
    • • Avoid “friending” patients, subscribers, and clients
    • • Remember things are never fully deleted on the Internet
    • • Private personal page posts can still be accessed and distributed
  • • Never repost, retweet or “regram” patient information on personal pages

Understand the list of 18 personal identifiers – very little information can lead to a breach

  • • Post signs in facilities describing photos and videos may not be taken
  • • Post a commenting policy on your social media sites
  • • Collaborate with human resources, legal counsel, risk management, privacy officer, security officer, compliance officer, marketing, and sales

During their 2018 Fall Conference OCR shared that they will be paying more attention to social media!!

Always Watching

Remember – they are always watching.

Let us help you with your healthcare social media strategy!!

Need help developing your social media policy?

Let HIPAA alli help develop your healthcare social media strategy before you start connecting.