Certain industries such as healthcare have faced challenges implementing social media due to privacy compliance issues. The HIPAA Security Rule, on the books since 2005, establishes standards of protection for personal electronic health information that is created, received, used, or maintained by any health organization. This includes messaging transmitted via social media – which means it’s even more important for companies to ensure they acquire the right tools, create a social media policy, and train their team to be well-versed in social media best practices. What you might think is a minor piece of information – such as hinting at a patient’s identity or personal health information (PHI) – can land hospitals and facilities in hot water.
Consider the following examples:
- In May 2011, a certified nursing assistant at Kindred Transitional Care and Rehabilitation in Indiana took a photo of a paraplegic's buttocks after he had a bowel movement and posted it to Facebook. The nursing assistant was fired, and faced a voyeurism charge. (Source: Fierce Healthcare)
- In April 2011, a physician at Westerly Hospital in Rhode Island described incidents in the emergency room on Facebook. The doctor didn't include the patient's name, but there was enough PHI in the description that a third party was able to identify the patient. The doctor was found guilty of unprofessional conduct and fined $500 by the state medical board. (Source: Fierce Healthcare)
- In June 2010, hospital employees at Tri City Medical Center in California allegedly discussed patients on Facebook. Six registered nurses at the hospital were put on administrative leave as a result of the incident. (Source: Fierce Healthcare)
Still, studies show that patients are using social media for their healthcare needs. A report from Demi & Cooper Advertising and DC Interactive Group found that 41% of people said social media affects their decision when choosing a doctor, hospital, or medical facility. The challenge is how to monitor and enter these conversations safely and compliantly. Below are 3 tips to get started:
1) Acquire the right tools – A social media management tool like Gremln can help avoid landmines. Gremln ensures compliant social media communication for companies that adhere to HIPAA regulations through applications such as:
- Filtering – Prevent certain content from making it onto your social networks with keyword/phrase filtering. Already have a list of words and phrases that you’re monitoring for email? With a click of a button, you can upload files containing any number of words you’d like to filter and monitor.
- Organization and approval workflow – Once you have trained your staff on social media best practices, create your team and set up compliance filtering to match the job function of each team member. Posts won’t be published until your approval process is fully executed.
- Archived data for regulatory audits – Regulators have started random audits of HIPAA compliance, requiring organizations to produce proof of social media policies and procedures, monitoring, training, and documentation. Hospitals or facilities found in breach of the rule can face fines of $10,000 or more. With Gremln, you can capture and archive messages and activity from all major social networks. All data is exportable for reporting or audit purposes.
2) Create a Social Media Policy – This document should include verbiage on ownership of the social media accounts, appropriate language for posting, and the process for dealing with a social media crisis. Another important inclusion is your stance on personal posts across all social media platforms, including wikis, videos, images, blogs, and online reviews. It should also be clear that company-based social media accounts, along with their user names and passwords, become the property of the company after termination. A single sign-on to company accounts owned by IT or marketing might be an ideal way to prevent employees from going rogue. Finally, be clear that posts regarding patient and proprietary information such as financials and acquisitions are strictly prohibited. Be sure to check out Gremln’s social media policy tips, too.
3) Train your employees – Educating employees on social media best practices can reduce your risk even more. To properly train employees, prepare several sessions on a variety of issues, including a “primer,” something that gives a general overview of social media technology. Introduce the outposts your organization will use, and why they are relevant for your business. Sessions should also include an overview of your company’s social media policy, best practices for tweeting/posting, and basic how-tos for setting up individual accounts. Discourage using personal accounts for business; instead, create individual accounts using company email addresses for use with business posts only. You may also want to break the sessions down by department so that they are more targeted and useful to your audience.
A report from Marketo and Infinigraph found that several medical brands are successfully leveraging social media, including Boston Children’s Hospital. They engage their 73,000+ fans with content that is educational and informative without discussing sensitive issues. This is accomplished through judicious use of images and relatable human interest stories. Consider what is most important to your patients and customers. Find their pain points, and create content that will help solve their problems while driving interest for your brand.