The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that says that a patient has control of his or her own protected health information. No one else can release that information without consent of the patient. So how does that affect your hospital’s social media marketing plan?
First, you need to tailor for your hospital a coherent set of internal and external policies and procedures about patient privacy.
Involve leaders and frontline staff in developing these policies and procedures. These policies should:
- Explain the appropriate use of social media platforms, including who should represent the hospital on social media platforms and making sure they are properly trained
- Clearly define how information posted there will be used and what type of content should be distributed
- Specify what degree of privacy can be expected
You may also want to state that social media should not be used for personal medical advice, and that the channels are not monitored 24 hours a day, seven days a week.
While it is possible to conduct a hospital-patient relationship online, a best practice would be to initiate the relationship in real life and get appropriate authorization from the patient to continue the dialogue online.
Some patients are more open than others and are willing to post details about themselves that others consider private. Even if someone posts specific details in a public forum such as a social media channel, your response should never disclose protected health information.
When you feel that comments or questions on your social media platform are approaching HIPAA violations, take them offline. Ask the patient to call your hospital for more details. Prominently post your policies and procedures on all your social media platforms.
Review your social media platforms at least daily. That helps you respond quickly to the good and bad that comes your way, and helps build strong, trusting relationships. Also note that when a patient posts his or her own protected health information on your hospital’s social media channels or blog, it is not a violation of HIPAA. Each patient is free to release his or her own information. Just be careful and use common sense when responding!