99MGMT Blog

As the internet gains more users who are ready to share their lives by the minute, social platforms are climbing in the number of users and popularity. 

That means countless industries, healthcare included, are discovering new ways to connect with and grow their current audience. I’m sure you already guessed it, social media is very different for healthcare professionals and that’s because of: HIPAA.

Having the sole responsibility for yourself and your medical practice, it’s vital to understand the dos and don’ts for interacting on social platforms while being HIPAA compliant.

HIPAA Challenges in a Digital World

Information has never been more portable, accessible, and shareable as it is today. This, unfortunately, means it’s also easier to accidentally give access to the wrong people and have them share the wrong information. Here are some of the known culprits:

• Social media
• Unlocked mobile devices
• GPS
• Cloud storage
• Portable storage devices
• Private messengers

With these social media guidelines & self-monitoring tips, your practice is well on its way to being HIPAA compliant.

10 social media guidelines & online tips to keep you HIPAA compliant

1. Separate business from pleasure. Keep personal social accounts separate from your medical practice social accounts.
   
   
2. Even if your social accounts are set to private, your posts can still be shared with people you wanted to keep your thoughts hidden from, if it’s something you wouldn’t say to your patient or boss then it isn’t something you should post online.
   
   
3. You and your medical practice staff should have locks on your mobile devices and office computers to avoid any wandering eyes from viewing proprietary information.
   
   
4. Everyone on your staff must know all 18 HIPAA personal identifiers that cause compliance issues. Even offhand remarks about medical cases can identify patients.
   
   
5. As much as you’d like to help, try to refrain from reacting to any of your patients’ medical-related posts.
   
   
6. Refrain from giving any type of medical advice online. Always redirect those messages to the appropriate channels.
   
   
7. Your medical practice staff does not have the right to share images of patients, patient files, or to take pictures of patients or patient files without patient consent. This includes patients or files accidentally captured in photos.
   
   
8. Content related to your medical practice needs to be approved by an internal compliance review entity before going live on social platforms.
   
   
9. Create a social media outline with the type of content and posts that will go on your medical practice's social media accounts.
   
   
10. If there are compliance issues, all individuals involved should be re-trained on HIPAA compliance and proper social media usage & practices immediately.
    
    

What else can you do to prevent HIPAA violations on social platforms?

To help practice successful HIPAA compliance you should be sure to create a clear policy for employees that contains guidelines for social media, mobile devices, and general technology usage. This must include a clear distinction between acceptable and unacceptable forms of messages and content, policies for device protection, and procedures for reporting lost or stolen devices that may contain private information.

To help practice successful HIPAA compliance you should be sure to create a clear policy for employees that contains guidelines for social media, mobile devices, and general technology usage. This must include a clear distinction between acceptable and unacceptable forms of messages and content, policies for device protection, and procedures for reporting lost or stolen devices that may contain private information.

Click here to learn more about social media management and compliance training!

Related: 4 Social Media HIPAA Violations That Are Shockingly Common