Social Media & HIPAA

There are about 7.476 billion people in the world, and 2.789 billion of those people are active social media users (Digital in 2017 Global Overview).  Odds are that nearly every person, restaurant, civic organization, business, school, and lifestyle group that you can think of has a dedicated Facebook profile.  For your private practice, maintaining a social media presence can be an inexpensive, do-it-yourself part of your marketing, but it must be done correctly.

One of the first steps in ensuring that all of your HIPAA ducks are in a row when it comes to social media is having a “Social Media Policy.”  This document, which should be shared with patients upon your agreement to work together, outlines all of the possible websites where a connection between you and a client could be established (i.e.: the client “likes” your professional Facebook page or follows you on your Twitter account,) some of the risks inherent in participating in those interactions, and how you will conduct yourself in these various scenarios.

What should I include in my Social Media Policy?

While Facebook and Twitter may be the first things that come to mind as they are the most frequently used, your policy should also cover: LinkedIn, direct messaging on any social media sights, communication via text or email, Yelp, Bing, or other business review sites.  Here are three specific areas that I recommend addressing in your social media policy:

  • If your clients “friend” you on social media, or if they become a fan of your professional social media pages, there is a potential to create visible links between you and your client, which could compromise your clients’ confidentiality. It also one of the many ways that tells “Big Data” that you are possibly linked.
  • You might also want to include a note in your Social Media policy that provides basic information to clients about location services. If your clients have location services turned on on their phone/various apps, then their regular visits to your office are evidence of a potential relationship with you.  (Ever wonder why Facebook keeps suggesting your clients as potential friends?)  Plenty of people don’t worry about this, but some do, and it’s best practice as a provider to be aware.
  • If you have a presence on Yelp or any other review site, you may consider including specific wording in your policy that addresses that your presence is not equivalent to you asking for a review. Asking for testimonials from clients is unethical.

Keep in mind that your social media policy does not have to attempt to control whether or not a client “follows” you or leaves a review, but instead provides information, and highlights what your actions will be in each of these scenarios.

If you currently do not have a social media policy in place, the good news is that you do not have to start from scratch!  Dr. Keely Kolmes is a great resource for you.  Dr. Kolmes shares her Private Practice Social Media Policy so that you may copy it or adapt it for your own practice as long as you cite her as the original author.  Read more about her Private Social Media Policy here or download the .pdf version of it here.

Lastly, I think it’s important to evaluate your practice and see if you think it is worth having a social media presence.  You may find that after reading this, you’d rather delete your professional social media profiles altogether, especially if you aren’t a frequent user.  While the purpose of this article was not to overwhelm you or deter you from having a social media presence, recognize that this may not be a necessary “piece” of communication for everyone.  As always, keep in mind what is best for your private practice!