social media and hipaa

HIPAA & Social Media:What you need to know

Brian Geyser, APRN-BC, MSN

The Game Has Changed

More people onlineMore surface areaMore touch pointsMore opportunity

Need to seize opportunity, deliver brand promise consistently and coherently across all touch points, and mitigate risk

86% of U.S FG100 Companies

use at least one SM platform

5,800 Hospitals in U.S.

1,000 (17%) use social media

33,000 Homecare Providers

1/3 have a Facebook Page

65% of homecare companies have an outdated website

47%

20K Nurses

December 16th, 2010

%

IS YOUR BRAND

?

If patients and family members are posting testimonials and sharing stories on a competitors Facebook Page but you don't even have a Facebook Page, what does that say about you?

If people can leave comments, share ideas, and interact on other providers's on their websites but they can't do it on yours, what does that say?

If family, referral sources, and patients can freely post content to a competitor's Facebook Page but they can't on yours, what does that say?

If your competitors are demonstrating their expertise by posting videos, articles, and helpful tips but you are not, what does that say?

Key Questions

1. Loss of control 2. Privacy & confidentiality 3. Potential for bad comments4. Budget constraints 5. Employee productivity

What are YOU afraid of?

Social What can

DOfor Us?

Marketing/brand awarenessLead generation Public relationsLoyalty building CommunicationsCustomer support Recruitment Networking

What Can Social Do For Us?

Increase website trafficBoost natural search rankingsHelp monitor competitorsOptimize customer serviceEstablish company as a leader

What else?Super

Tell stories Broadcast accomplishments to a targeting audience

Parent & employee engagementWord-of-mouth marketing

Public-facing customer service opportunities

Demonstrate expertise

ROI?

It's not about being a better marketer

It's about being a better communicator

Give them what they want/need

Covered entities Privacy ruleSecurity rule

HIPAA

1. Use privacy settings to safeguard personal information and content to the fullest extent possible.

2. Monitor your internet presence to ensure that the personal and professional information, and content posted about you by others, is accurate and appropriate;

3. Maintain appropriate boundaries of the patient-physician relationship when interacting with patients online and ensure patient privacy and confidentiality is maintained;

4. Separate personal and professional content online; and

5. Recognize that actions online and content posted can negatively affect your reputation and may even have consequences for your medical career.

Team

Policies

Training

Monitoring

Tools

Moderation

Strategy

Executives

PRLegal

Consultants

MarketingCommunications

Nurses Doctors

TEAM

Internal External

POLICIES

PhilosophyRules of engagementConsequences Code of ethicsBest practices

INTERNAL

Covenant Expectations Disclaimers

EXTERNAL

{ tools }

7 Best Tools for Health Care1. Facebook2. Blog3. YouTube 4. Twitter5. Online Community6. Linkedin7. Email marketing

8Success Criteria for Facebook Page Engagement

1 Set community expectations

2 Provide cohesive branding

3 Be up to date

4 Be authentic

5 Participate in dialog

6 Enable peer-to-peer interactions

7 Foster advocacy

8 Solicit a call-to-action

Monitoring Tools

Q: If I'm a provider, should I friend my patients on Facebook?

A: it depends

A: YES. Respond, delete, or leave as is, but NEVER EDIT

Q: Can we remove posts or comments?

Q: Are we liable for postings on non-employee forums we host or own?

A: No. Section 230 of the Communications Decency Act protects you as a sponsor of an online forum. "A healthcare provider cannot be held liable for postings made by other parties just because it owns or sponsors the forum.”

HIPAA makes an “absolute distinction” between the hospital’s workforce (a term defined in the regulations) and everybody else. Organizations are responsible for the actions of their workforce, but not for the rest of the world.

Q: Are we liable for postings by a patient's friends or family?

A: No. The Department of Health and Human Services’ Office of Civil Rights says, "Entities subject to the HIPAA Privacy and Security Rules are covered entities: health plans, healthcare providers, and healthcare clearinghouses. Generally speaking, a covered entity would not be responsible for the actions by a patient’s friends or family."

Q: What if we invite people to post stuff. Are we liable then?

A: If you invite illegal activity then you assume liability. If you want to invite new moms to post baby photos or ask weight loss program participants to track their results in a support group forum, then make sure you have a terms of use policy where they are voluntarily giving you permission to publish that information.”

Q: What if patients post photos they have taken in the hospital on social sites?

A: Post signs stating that picture taking is not permitted. That way, if a visitor ignores the rules, takes a picture and posts it online, the hospital can at least demonstrate that it was exercising reasonable measures to protect patient privacy.

web: carenetworks.com email: brian.geyser@carenetworks.comtwitter.com/bgeyserfacebook.com/carenetworksphone: 203.915.0524

Brian Geyser