Key takeaways:

  • Always obtain explicit, written consent before sharing any patient-related information or images on social media.
  • Educate staff, moderate comments and designate specific team members to manage your organization’s social presence responsibly.
  • For activities like contests or user-generated content campaigns, consult legal experts to ensure compliance with HIPAA and privacy regulations.

For many people – especially marketers – social media is a part of everyday life. How we share and find information seems to revolve around the constant checking, updating and refreshing of our various social feeds. That’s why navigating social media and patient privacy is critical for healthcare marketing professionals.

As social channels become more ubiquitous, personal privacy is not always a priority. But for those of us in the healthcare field, privacy always needs to be top of mind, especially on social media. Under the Health Insurance Portability and Accountability Act (HIPAA), an individual’s personal medical information should not be shared in any form of media – electronic or otherwise – unless the individual has given express consent to share that information.

Violating patient privacy is a serious matter, and something that should always be considered before sharing or re-sharing patient-related content. So what does this mean for your social media plan?

For healthcare organizations, navigating social media requires a balance between engagement and safeguarding patient privacy. Here’s how to protect both.

1. Do not share a patient’s information or photo on social media without permission


Get written consent from the patient before sharing a social media post that may identify his or her personal or medical information. HIPAA lists 18 personal identifiers that should be avoided. Even if you don’t use a patient’s name, there are other things that can identify him or her, such as injuries, condition, or his or her appointment time. Work with your legal or compliance team to develop a patient consent form that explains how the information will be shared and the risks involved with sharing personal information.

Answering medical questions requires a lot of personal information and should be handled by a medical professional in a private, one-on-one setting. Tell the patient or follower to reach out to his or her health care provider.

If someone sends some negative feedback your way, it’s important to address the concern and resolve the issue. This sometimes requires getting personal information about the complaint or situation. If the complaint was made on social media, take it to an offline, secure channel to get more information.

4. Moderate comments and content

This may not work for every channel, but it’s a safeguard that is worth using if it’s available. In fact, the U.S. Dept. of Health and Human Services has made comment moderation part of its social media policy for the department’s digital presence. Being able to moderate comments and content can help protect patients and prevent people from inadvertently sharing personal medical information.

Screenshot from the Department of Health and Human Services’s social media policy on comment moderation.

5. Double check photos

If someone submits a photo to share on social, check for possible patients in the background. Even if it is a photo from an internal event, it’s important to make sure you’re not outing anyone’s status as a patient. It’s also important to do this check with group photos of patients – has everyone in the photo given consent to sharing this image publicly?

6. Train staff on the importance of social media and patient privacy compliance

This is a big one. If possible, work with members from across your organization to develop a written social media policy to distribute. No one at the organization – from the clinic staff to administration – should talk about patients on social media, even vaguely or generally.

7. Designate certain individuals to be in charge of social media

Identify one or two individuals (depending on your size and structure) who will be in charge of posting your organization’s social media content. These individuals should be experts in social media and well versed in protecting patient privacy. If you spread the social media responsibility across too many people, you run the risk of having someone who may not understand all the privacy protocols.

A lot of organizations launch contests asking followers to send in user-generated content (UGC), such as photos or personal stories. While they may be great tools for collecting content and growing followers, these contests can also be filled with patient privacy landmines. Before launching any contests, talk with a legal or compliance officer at your hospital or organization to draft terms of use and disclaimer language. Discuss how you will inform the patients about the re-use of their content and how you can obtain consent.


There’s no question social media is a necessity for healthcare marketing. Many patients use social media to search for health information and choose a provider, especially when looking for a second opinion. That’s why it’s essential to balance social media outreach and patient privacy. Take the time to put a plan in place so you can post with confidence when it comes to patients! The team at WG Content is here if you need social media support.

Private groups can be a useful way to foster community, but they are not inherently HIPAA-compliant. To use them safely, healthcare providers should ensure that no identifiable health information is shared. Administrators should regularly monitor activity, establish clear group rules and remind participants not to post personal medical details.

If a privacy violation occurs, the organization should immediately remove the offending content and notify its compliance and legal teams. They should also conduct a root-cause analysis to identify how the breach happened and implement training or procedural changes to prevent future incidents. Reporting the violation to regulatory authorities may also be required, depending on its severity. Be sure to consult with your legal team and research HIPAA violation information.

Healthcare organizations can achieve this balance by creating general educational content that doesn’t reference specific patients. Focus on health tips, community events or patient stories where written consent is obtained. Use engaging visuals like infographics or animations to communicate effectively without risking patient privacy.
