Privacy issues have become a big concern in recent years, especially now that social media is a main tool in getting information to larger audiences, quicker and more efficiently. However, one major issue has been patient rights regarding using social media in healthcare. Legally, this could be troublesome for organizations posting to social media platforms if they are not careful.
As a social media consultant/manager/specialist, you will definitely run into privacy issues, especially when you are dealing with healthcare clients and organizations. The Health Insurance Portability and Accountability Act (HIPAA) was put in place to define boundaries to protect patients’ medical information.
So how do you know what can and cannot be posted or shared? How do you engage with someone who asks a personal question on social media? Here are a few tips to navigate those murky waters of knowing when to post and when not to post.
1.) Never post an image of a patient without written consent and their signature. Public events are usually okay, but if this is a sponsored event by the organization you represent, play it safe. You can have a posted sign at the event as well as consent forms to fill out.
2.) Do not post information about a patient on social media. Whether you mention them by name or not, never put specific information in a post.
3.) Sharing images inside a healthcare facility where PHI (protected health information) or patients’ images can be seen should never be done. Recently, I took a picture of a decorating contest in a client's health center and later noticed that there was a file folder with a name on it, sticking out from under the computer. I was able to crop it so it didn't show. However, it's always good to go over images to make sure something didn't get "snuck" in the photograph.
4.) Never share information regarding a patient to a private group. This is a big "no-no!!" Never, ever share patient information to a group. You are still leaking information that is meant to be confidential and it is still protected by law.
5.) Do not get into discussions with someone who has entered their personal information or PHI on social media. Rather, tell me to send you a private message if you are qualified to talk with them or refer them to the appropriate person. If they continue to ask questions, make sure they understand that you cannot discuss their health issues in a public forum.
6.) Monitor discussions to make sure private medical or personal information is not relayed. Sometimes, employees of a health organization will start a vague conversation about a patient that will attract others and then, before you know it, personal information has already been leaked. Delete the comments and make sure employees understand that what they did is not only wrong, but it could be cause for a lawsuit in extreme cases.
To avoid any case of "ignorance," make a Social Media Policy and Procedures Manual for your company, outlining privacy regarding patient information and make an effort to discuss this within your organization. "An ounce of prevention is worth a pound of cure."