For many people – especially marketers – social media is a part of everyday life. How we share and find information seems to revolve around the constant checking, updating and refreshing of our various social feeds.

As social channels become more ubiquitous, personal privacy is not always a priority. But for those of us in the healthcare field, privacy always needs to be top of mind, especially on social media. Under the Health Insurance Portability and Accountability Act (HIPAA), an individual’s personal medical information should not be shared in any form of media – electronic or otherwise – unless the individual has given express consent to share that information.

Violating patient privacy is a serious matter, and something that should always be considered before sharing or re-sharing patient-related content. Here are some tips to help you protect patient privacy on social media:

  • Do not share a patient’s information or photo on social media without permission. Get written consent from the patient before sharing a social media post that may identify his or her personal or medical information. HIPAA lists 18 personal identifiers that should be avoided. Even if you don’t use a patient’s name, there are other things that can identify him or her, such as injuries, condition, or his or her appointment time. Work with your legal or compliance team to develop a patient consent form that explains how the information will be shared and the risks involved with sharing personal information.
  • Do not give medical advice on social media. Answering medical questions requires a lot of personal information and should be handled by a medical professional in a private, one-on-one setting. Tell the patient or follower to reach out to his or her health care provider.
  • If there’s a complaint, take it offline. If someone sends some negative feedback your way, it’s important to address the concern and resolve the issue. This sometimes requires getting personal information about the complaint or situation. If the complaint was made on social media, take it to an offline, secure channel to get more information.
  • Moderate comments and content. This may not work for every channel, but it’s a safeguard that is worth using if it’s available. In fact, the U.S. Dept. of Health and Human Services has made comment moderation part of its social media policy for the department’s digital presence. Being able to moderate comments and content can help protect patients and prevent people from inadvertently sharing personal medical information.
  • Double-check photos. If someone submits a photo to share on social, check for possible patients in the background. Even if it is a photo from an internal event, it’s important to make sure you’re not outing anyone’s status as a patient. It’s also important to do this check with group photos of patients – has everyone in the photo given consent to sharing this image publicly?
  • Educate and train all staff about social media and patient privacy. This is a big one. If possible, work with members from across your organization to develop a written social media policy to distribute. Everyone at the organization – from the clinic staff to administration — should not talk about patients on social media, even vaguely or generally.
  • Designate certain individuals to be in charge of social media at your organization. This is one of a few great recommendations from intakeQ: Identify one or two individuals (depending your size and structure) who will be in charge of posting your organization’s social media content. These individuals should be experts in social media and well versed in protecting patient privacy. If you spread the social media responsibility across too many people, you run the risk of having someone who may not understand all the privacy protocols.
  • If you’re working on a social media contest, talk to your legal department. A lot of organizations launch contests asking followers to send in user-generated content (UGC), such as photos or personal stories. While they may be great tools for collecting content and growing followers, these contests can also be filled with patient privacy landmines. Before launching any contests, talk with a legal or compliance officer at your hospital or organization to draft terms of use and disclaimer language. Discuss how you will inform the patients about the re-use of their content and how you can obtain consent.

If you’re looking for other tips on avoiding patient privacy violations, Sprout Social has some great advice that touches on multiple areas of digital marketing (not just social media). Patient marketing pro Scott Zeitzer also offers some good tips on keeping your social media marketing HIPAA compliant.

What tips do you have for avoiding patient privacy violations on social media? Share your experiences with us in the comments section below.