Smart Social Media Policy for Healthcare

Smart Social Media Policy for HealthcareSmart Social Media Policy for HealthcareSmart Social Media Policy for HealthcareApril 16, 2012 BoernerIn California, a hospital employee posts a patients chart to Facebook and makes fun of the patient for landseeking STD treatment and birth control.In Rhode Island, an ER doctor, distraught over the death of a patient, shares that shes heartbroken, switching the patients gender and how she died to protect herbei identity.In Wisconsin, an ultrasound tech posts that shes thrilled that one of her patients is having triplets.These stories demonstrate the use of social media in the workplace. And all three are violations of the Health Information Portability and Accountability Act (HIPAA) that could nab their employers up to a $50,000 fine.HIPAA Rules in a Social Media WorldBreaching patient confidentiality is a total no-go, and it has less to do with HIPAA than our standards, said Will Weider, vice president and CIO of Wisconsin-based Ministry Healt h Care and Affinity Health System. At this point, I dont know that there are many grey areas.Indeed, Twitter, Facebook, Tumblr and other social media platformshave transformed the way hospitals market themselves and how patients find them.But when healthcare workers recklessly tweet, post to Facebook and share patients private health issues online, it not only violates HIPAA, it also hurts the healthcare industrys ability to attract and retain patients.A clearly laid out social media policycan ward against such snafus. Yet only about 20 percent of hospital systems currently have a social media presence, with a larger proportion operating under general social media policies.Weiders policy, which is considered by some to be one of the most forward-thinking in the industry, went online in 2009.What that means, says David Harlow, principal of The Harlow Group, a Boston-based health care law and consulting firm, is that social media-naive healthcare groups may think a simple ban is prefe rable to having actual social media guidelinesin place.That doesnt work really well because people just use Facebook or Twitter on their smartphones, said Harlow, who blogs at HealthBlawg. They can snap a picture and post something inappropriate maybe even more easily from their phone than they can from a desktop computer.Social media in the workplace requires clear expectations and policies. Heres what every social media policy for healthcare organizations should include.Zero ToleranceEverything from posting a picture of an ER waiting room - where a victim of domestic violence could be sitting - to mentioning anything that identifies a patient, including their condition, prognosis or, as described above, how many kids they are going to have, has the potential to violate HIPAA rules.Its inappropriate to even acknowledge that someone is receiving care here, said Weider. A patients medical experience is their own to share and not something employees should ever disclose, especially on something like Twitter.Never AnonymousNext, explain to staff that no matter how well you try to camouflage a patients identity in buchung to share a story online, youre likely to fail.Were literally doubling the amount of data available online every couple of days, said Harlow. Something thats de-identified today will not be de-identified next week. Thats why people who blog about patient stories really need to come up with fictitious patients or composites, rather than basing their posts on actual patient histories.Never PrivateWhats a private network? asked Ed Bennett, a social media expert who also works with the University of Maryland Medical Center and sits on the advisory board for the Mayo Clinic Center for Social Media.What if you only have three Facebook friends in your group? What about 300 or 3,000? At some point, you cross the threshold.Since people can retweet, share and pass along whatever someone writes on a social network, your social media policy must communicate that whatever employees type into a keyboard is public - and, with online caches, permanent.The way we approach it is lovingly, the way you would with a family member, said Weider. When staff tweet about their work, they can assume it is being read by our patients and their fellow employees.Keep It RespectfulPatients should never see staff tweeting or updating their Facebook status. Theres never a time when you want to be looking at Facebook in front of a patient, said Weider. Thats never perceived as a positive thing. But on breaks and away from a patient, its fine.Keep It AliveFinally, its not enough just to have a social media policy, said Harlow. You have to train and periodically remind staff of it.Weiders Affinity Health System did an initial in-service on its policy and addresses social media in the workplace in annual employee refreshers.Harlow suggests revisiting the policy and offering staff refreshers every six months, as well as including your social media policy in em ployee onboarding sessions.You want the policy to be really alive among the staff, said Harlow.Pay OffOnce you have a social media policy that works to keep patient information secure, you get a surprising result, said Weider.Theres a huge potential benefit for our organization, he said. I wanted to attract tech-savvy employees who know how to leverage this technology. I didnt want a policy that would scare away the workforce I try to attract.Even better, says Weider, is that, People love working here, and they share the things happening at the hospital and clinic on social media.