Start Your FREE Membership NOW
 Discover Proven Ways to Be a Better Medical Office Manager
 Get Our Weekly eNewsletter, MOMAlert, and MUCH MORE
 Absolutely NO Risk or Obligation on Your Part -- It's FREE!
EMAIL ADDRESS



Upgrade to Premium Membership NOW for Just $90!
Get 3 Months of Full Premium Membership Access
Includes Our Monthly Newsletter, Office Toolbox, Policy Center, and Archives
Plus, You Get FREE Webinars, and MUCH MORE!
INSIGHT

Is your medical practice’s social media policy adequate?

By Nick Hernandez  bio

By now every physician should be aware of the benefits that can be bestowed upon their practice as a result of social media. Indeed, many practices are engaging in one or more social media platforms on a regular basis. Moreover, staff members are most definitely active in social media, and probably use it while at work.

Physicians and practice managers must be smart about training employees on what they should and should not share online. Staff in your practice could incur liability on behalf of your practice as a result of their comments on social media. Because of the confidentiality rules in HIPAA, staff training is important. You should constantly remind employees that they are representatives of the practice.

You should also have some sort of social media policy in place. Here are a few key items your policy should include:

1. Guidelines and expectations

Your policy should set clear expectations for how team members (as representatives of your practice) must conduct themselves online.

Your policy should clearly state that there will be no posting of protected health information (PHI) and that employees are not allowed to use social media in work areas near patients. Be specific in training your employees and inform them to avoid identifying patients in any way on social media — this includes names, unique characteristics, etc.

Some practices do not allow employees to use social media for personal reasons on work time. While that is fine as a policy, it does not circumvent the need to appropriately train your staff. Moreover, it can be hard to police.

It is advisable to discourage team members from participating with patients on various websites. If they do engage patients on social media, they certainly should not be discussing patient-related matters.

Lastly, someone (most likely the practice administrator) should be designated as the spokesperson responsible for answering questions about your practice on social media.

2. Penalties and consequences

Penalties for data breaches increased under the American Recovery and Reinvestment Act so your policy should make it clear to employees about the consequences of their actions on social media sites.  An individual claiming they did not know they violated HIPAA is subject to a minimum of $100 per violation.  A HIPAA violation due to reasonable cause and not due to willful neglect carries a minimum fine of $1,000 per violation.  A HIPAA violation that is due to willful neglect (but corrected in short order) is subject to a minimum of $10,000 per violation.  Lastly, a HIPAA violation that is due to willful neglect and not corrected carries a minimum fine of $50,000 per violation.  The maximum fine for each of these four categories is $50,000 per violation.

3. Explanations of rules and regulations

The social media policy should outline what is illegal, what is considered confidential information of the practice, and what is protected health information.

Conclusion

Your social media policy should be a separate document from your employee handbook. But it’s not enough to have a social media policy—employers should put in just as much time and effort in training their employees on the ins and outs of the policy.


Medical Office Manager is pleased to welcome Nick Hernandez as a guest contributor.

Nick Hernandez, MBA, FACHE is the CEO and founder of ABISA, LLC, a consultancy specializing in healthcare strategic growth initiatives. He is a speaker, trainer, and author who has over 20 years of leadership and operations experience. Since founding ABISA in 2007, his emphasis has been on developing and maintaining a strong relationship with physicians and identifying areas for business opportunity and support. The company’s client list includes physician groups, hospital systems, healthcare IT organizations, venture capitalists, private equity investment groups, and hedge funds. He can be reached at nhernandez@abisallc.com or you can follow him on Twitter: @ABISALLC.


Editor’s picks:

How to Use Social Media to Promote Your Medical Practice and Propel Your Career


Your personal social media posts: are they really personal?


Ready, Set, HIPAA Enforcement: 2017 is going to be a year to remember


Close

EMAIL ADDRESS


PASSWORD
EMAIL ADDRESS

FIRST NAME

LAST NAME

TITLE

COMPANY

PHONE

Try Premium Membership

(-0)