Private practices—especially those that provide elective procedures—typically have to deal with the HIPAA violation waiting to happen that is social media. One wrong tweet, status update, or Instagram story can result in hefty fines. Hence, to protect a practice as well as a patient’s privacy, it is imperative to have a protocol in place on how to properly tackle social media.
For starters, it’s a good idea to have a designated “social media person” who can be trusted to take care of social media posts, particularly if any social media activity is done in-house. This person should be the only one with access to social media account logins and they must also make sure that there are no personal devices with patient information stored on them. Reinforce the fact that before publishing anything, the post should be reviewed by the physician.
Ensure the patient you intend to post about has provided their signed social media consent forms. It may be a good idea to have these forms examined by a legal professional or someone who is well-versed in HIPAA rules and regulations. Also, make sure to take a look at the patient’s age. If they are not legally adults, their parent or legal guardian must be the one to sign the consent form.
Finally, consider the platform you intend to share on. For example, a colonoscopy photo on Instagram may not be the wisest idea, even if the patient consented. Use your better judgment or consider asking the patient which services they are okay with.
This update is by Medical Accounts Systems, a full-service healthcare revenue cycle management company providing a number of services including insurance follow up and managed care disputes, physician reimbursement, extended business office services, and more. For additional information on our services or for any questions you may have on topics such as hospital bad debt, please call 877-759-6315.