News Feature | October 22, 2013

Social Media Can Grow Your Practice

Source: Health IT Outcomes
Katie Wike

By Katie Wike, contributing writer

Social media can put your practice in the spotlight, but there are security and privacy risks to bringing sharing into the office

Social media can be an effective way to promote and grow your practice, as well as communicate with patients. It’s easy to Tweet an update about extended office hours or remind followers on Facebook that it’s time to get their flu shots, but it’s also easy for employees to abuse their ability to share and put your practice at risk.

Examples of common security breaches include employees posting pictures of unusual injuries, accessing medical records of friends and relatives, or even talking about medical cases in a way that the patient could be identified and their privacy violated. According to Health IT Outcomes, the repercussions could add up to $1.5 million for practices found in violation of HIPAA rules.

Physicians Practice outlined five issues providers need to be aware of before utilizing social media:

  • Damage to reputation and compliance with Federal Trade Commission (FTC) guidelines for advertising - Beware of patient reviews, they might not all be positive; and as attorney Melissa Giftus points out, “FTC guidelines require you to be able to substantiate advertising claims; as in, if a patient says they got better under your care, you better be able to pull a medical record to prove it.”
  • HIPAA Violations - Train your staff to recognize HIPAA rules and violations because sometimes practices can be held responsible for the violations of their employees. “Consider this example: Two paramedics in training took pictures of a shark attack victim and sent them to friends via e-mail. While the patient’s face and name didn’t get passed around, there are only so many shark attacks in any given day, and the newspaper reports made it clear who got bit. Anything that makes the patient identifiable is PHI.”
  • Loss of Patient Data - Make sure any device you access cloud based information on is secure and adheres to HIPAA compliant protections and ask your EHR vendor what happens to patient data if something in your practice changes. “Make sure the contract with your vendor makes it clear what happens to the data if you change to another company or it goes out of business,” says Giftus.
  • Employee Ground Rules - Make sure your employees are encouraged to keep their online communications with co-workers appropriate, but also make sure you’re not violating the National Labor Relations Act. The NLRA “prohibits employers from restraining or coercing employees in the exercise of the Section 7 rights; those are rights like the ability to organize or take other actions related to compensation, work conditions, or other workplace complaints.”
  • Malpractice Liability - Giftus says there is a trend of patients recording their office visits. “State rules determine whether patients can make recordings without telling you, but the record is discoverable either way,” according to Physicians Practice.

Health IT Outcomes adds, “Defining clear and strong internal policies about social media use and disclosure should be your first line of defense in safeguarding PHI from a social media breach. However, in the Ponemon survey, 55 percent of the respondents don’t have an acceptable use policy for activity on social networks.”

The bottom line is that while social media can be a great tool for promotion and is an accessible way to reach patients, it can also be dangerous if employees aren’t aware of regulations. Teach your employees the importance of HIPAA and privacy rules and keep track of social media posts and reviews of your practice in order to avoid the consequences of bad social media.