Many times, HIPAA violations are caused by well-meaning staff members. More and more often, violations occur because of inappropriate use of social media. Staff members should be trained on the ‘Golden Rule’ of social media usage; if they wouldn’t say it in an elevator, they shouldn’t say it online.
In any case where a patient’s name or photo are used for social media purposes, the office should maintain a signed Social Media Use and Disclosure Consent form. All Smart Training Platinum+ clients will have access to this form as part of their 2018 Compliance Notebook. If patients wish to rescind their consent, the office should be prepared (and able!) to remove the patient’s information within a day or two of receiving notification.
Rather than run the risk of violating HIPAA by posting patient information yourself, you can invite patients to post their own photos or stories. When your organization is not the posting entity, the chance of violation is minimized. Remember, however, that reviews posted by patients can be altered or deleted. If you respond to a review, don’t use the patient’s name or any other identifying information in your response.
The point is this: Your office cannot afford patient information mistakes with social media. Once something goes online, it may never go away. For better or worse, online media has created a near-instantaneous spread of information. Even if an employee deletes something they’ve posted in error, there’s a chance someone has taken a screenshot of the material to post somewhere else.
Appropriately used, social media is a powerful tool to enhance community relations. Contrary to popular belief, HIPAA doesn’t prohibit social media use by healthcare practices. If you use common sense and follow HIPAA standards, you can protect your patients, your staff, and your office.
Ensure your practice is using up-to-date Patient forms by signing up for a Smart Training compliance package. Get more details by clicking below.