1. Know the rules. HIPAA's privacy prohibitions not only protect the disclosure of a patient's name and "individually identifiable health information," but also requires the safeguarding of any information where there is a "reasonable basis to believe it can be used to identify the individual."
2. Develop a social media policy. A social media policy, written in plain language, with clear dos and don'ts, should be established to provide guidance on what is and is not permitted.
3. Training. If physicians are going to use social media, they need to learn the tools, techniques and strategies of social media. An unintentional disclosure of information due to a misunderstanding about how a social network or mobile application works may have the same consequences for a doctor or institution as intentional disclosure. A doctor's staff should also be given training so that they are equally equipped to understand the rules of social media engagement.
4. Get written authorizations from patients. Anytime a physician wishes to profile a patient online, obtaining a written authorization from the patient is the safest route. Thinking of posting "happy" photos online from a health screening? Be sure to get written authorizations. "Really?" Really.
5. Monitor your social media sites for compliance. Training your staff on the rules of social media engagement will equip them to monitor your social media sites and keep your social media presence on the right of HIPAA. Having someone monitor the accounts throughout the day also makes good sense and is not as burdensome as it sounds. A glance at a screen by someone who knows what to watch for is all that is required.
2. Develop a social media policy. A social media policy, written in plain language, with clear dos and don'ts, should be established to provide guidance on what is and is not permitted.
3. Training. If physicians are going to use social media, they need to learn the tools, techniques and strategies of social media. An unintentional disclosure of information due to a misunderstanding about how a social network or mobile application works may have the same consequences for a doctor or institution as intentional disclosure. A doctor's staff should also be given training so that they are equally equipped to understand the rules of social media engagement.
4. Get written authorizations from patients. Anytime a physician wishes to profile a patient online, obtaining a written authorization from the patient is the safest route. Thinking of posting "happy" photos online from a health screening? Be sure to get written authorizations. "Really?" Really.
5. Monitor your social media sites for compliance. Training your staff on the rules of social media engagement will equip them to monitor your social media sites and keep your social media presence on the right of HIPAA. Having someone monitor the accounts throughout the day also makes good sense and is not as burdensome as it sounds. A glance at a screen by someone who knows what to watch for is all that is required.
Comments