Expert hints: 7 ways to avoid HIPAA violations via social media

January 17, 2015

These days, social media is king. Everything has become shareable and information can be passed along with just a click of a post or tweet button. But what happens if someone posts their negative feelings about your clinic, your staff, or even you online for the world to see? What if a patient desperately needs answers to their eye issue and reaches out to you via Facebook or Twitter for an answer? These scenarios can quickly turn into violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) if handled incorrectly.In this Q&A with Misti Buard, a certified marketing coach, we delve into everything physicians need to know to prevent HIPAA violations via social media.

These days, social media is king. Everything has become shareable and information can be passed along with just a click of a post or tweet button. But what happens if someone posts their negative feelings about your clinic, your staff, or even you online for the world to see? What if a patient desperately needs answers to their eye issue and reaches out to you via Facebook or Twitter for an answer?

These scenarios can quickly turn into violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) if handled incorrectly.

More in this issue: why specialty physicians need to look at EHR platforms differently

In this Q&A with Misti Buard, a certified marketing coach, we delve into everything physicians need to know to prevent HIPAA violations through social media.

How should ophthalmologists handle a bad online review on sites such as Yelp? Is there anything they definitely should not do?

Bad online reviews should never be ignored (especially those on Yelp or Google!). Some say that you should respond privately to a bad review, but that isn’t wise. Think about it, why would one respond privately to something that was written for everyone to see-and that ‘something’ is a bad reflection of their practice?

The best way to handle this situation is by joining the conversation. Address the issue (publicly) and more importantly, ask the patient how they’d like the issue resolved. Acknowledging the negative review publicly allows onlookers (potential customers) to see that the ophthalmologists values patient satisfaction, and that he/she is willing to go above and beyond to make sure that their patients are happy.

Monitoring Yelp and other sites weekly should be a best practice that each ophthalmologist follows. Positive reviews will encourage more patients to walk through your door, bad reviews will not.

 

 

What does HIPAA mean for ophthalmologists who are active online?


Rule of thumb for ophthalmologists who utilize social media sites: If you wouldn’t say it in an elevator, then you shouldn’t say it online.

The same HIPAA policies that are followed inside of the office, must be followed online.

How can ophthalmologists avoid a HIPAA violation?

The best way to avoid a HIPAA violation is by planning ahead. By that I mean create a social media plan each quarter. A social media plan will help ophthalmologists and their staff know exactly what content is being posted and the day it will be posted.

In case you missed it: Making fun of doctors

The key to avoiding any violations is truly preparation (going back to the social media plan). Allow me to use this analogy: Before a parent sends their six year old to school each day, the parent makes sure that their lunch is packed, their homework is complete and that they’ve been fed breakfast (maybe not exactly in that order). But that’s exactly how ophthalmologists should prepare their social media content.

If an office manager is in charge of creating the social media plan, then the doctor should review the plan along with the content that will be posted. Planning ahead will avoid any last minute/random (just so we can get our name out there!) posts. The parents of that 6 year old I mentioned earlier may worry about their child throughout the day, but I guarantee that they aren’t worried if their child completed their homework or not. Why? Because they reviewed the homework to verify if was complete before sending the child to school.  Ophthalmologists should do the same.

The content that is posted should be two things, either educational and/or engaging.  

A sample post could be as follows: Here are 5 tips on how to protect your eyes during the summer! After the tips are listed, the audience should be engaged by asking an open-ended question such as: “Which one of these tips do you and your family practice?”

Educating staff about HIPAA compliance is another must that should be done in order to avoid any violations.

 

 

Do you have any examples or scenarios?

There was an “unintentional privacy breach” that happened a couple of years ago.

Alexandra Than, MD, posted a few of the things she’d witnessed in the emergency room on her Facebook page. She didn’t include any names, but she wrote enough information that an individual was identified. She was fired from Westerly Hospital in Rhode Island.

A court document re: Alexandra Than: http://www.health.ri.gov/discipline/MDAlexandraThran.pdf

Are there areas that ophthalmologists would not think about when it comes to social media and HIPAA violations?

Yes, there are. For instance, there were several holiday parties toward the end of 2014, and if a doctor and his staff decided to take photos in their office and post them onto social media sites- they could easily get into trouble if a patient’s file is nearby and their name can is visible. 

Of course at the time they’re just having fun and spreading holiday cheer, but if the name on that file can be read- the practice has violated HIPAA.

 

What should an ophthalmologist do if someone is asking for advice via social media?

A doctor should never give guidance or recommendations via social media. If someone is asking for advice via social media, the doctor should advise the patient to visit the nearest ophthalmologist.

Is there anything else you think ophthalmologists should know/be aware of in regards to HIPAA and social media?

  • Learning the ins and outs of social media would benefit ophthalmologists.

  • Separating their personal account from their business account could definitely save any future headaches. (Some ophthalmologists go as far as creating pseudonyms for their personal pages.)

  • Don’t “friend” patients on social media sites.

  • One of the most important things to remember is that nothing is ever private, even if it’s shared privately on your personal page.