HIPAA’s Impact on Healthcare in Social Media
It’s no secret that today’s healthcare patients are increasingly using digital tools as part of their overall health maintenance. A January 2013 Pew Research Study showed that 1 in 3 Americans used the internet to figure out a medical issue, and 41% of those surveyed acknowledged social media influenced their health care decisions. To put this plainly, people have added social sites to their health care toolbox, which creates a big impact for the healthcare industry. Like my post on the regulatory issues affecting the banking industry’s presence on social and digital, the healthcare industry has unique concerns when it comes to marketing on social. However, risks and challenges should not outweigh the unique opportunity that social presents for the industry.
SayItSocial recently delivered a Social Media Training course on “Healthcare in the Digital World” and our research lead us to a plethora of resources and case studies on the subject of privacy violations in the healthcare industry. Healthcare professionals know all too well how HIPAA (Healthcare Insurance Portability and Accountability Act) protects the privacy of patients, but breaches still occur, and frequently on social media …
You Don’t Have To Name Names to Violate HIPAA
a physician with the Beth Israel Deaconess Medical Center in Boston stated:
“Err on the side of caution, because you can’t go the other way. We first have to put ourselves in the shoes of the patient we may be discussing and then reflect if what we’re saying is appropriate.’’
One physician that probably wishes she listened to Crotty’s advice is Dr. Amy Dunbar …
OBGYN Talks Smack
Dr. Dunbar, an OB/GYN at Mercy Medical Center in St. Louis was simply fed up with her chronically late patient (how’s that for irony?). And in a move we’ve all seen before on our newsfeeds, Dr. Dunbar took to her Facebook page to gripe her annoyances. Sympathizing comments (some rather crass) from fellow healthcare comrades ensued. However, that is where the sympathy ended.
Although she did not disclose the patient’s name, heated accusations of whether Dunbar violated the patient’s privacy erupted. Mercy’s “Mom’s To Be” Facebook group started a petition to investigate whether or not HIPAA laws were violated, since Dunbar specifically mentioned personal information that could help identify the patient. Fiery online debates of those demanding Dunbar’s resignation, to those that claimed Dunbar did nothing illegal, prompted Mercy to offer several statements and, as a result, gave them a big PR headache. After a thorough investigation, Mercy announced that while Dunbar’s Facebook statement “did not represent a breach of privacy laws, they were not appropriate and not in line with our values of respect and dignity.” With Dr. Dunbar’s page now set as private, it it unlikely she will be venting about her patients to the social world anytime soon.
Thus, Healthcare Organizations Need Social Media Policies
The Washington DC based law firm Arnold & Porter LLP notes that ultimately the employer can be liable if their employee discloses private patient information, with fines ranging from $100 to $1.5 billion and perhaps even jail time. It is crucial for healthcare facilities to develop and implement defined social media policies outlining examples of privacy breaches. So before hospitals can embark on a social crusade, organizations must develop a social media strategy that incorporates their existing communication guidelines with their particular business culture and break down HIPAA into their social media communications and policy guidelines. When done correctly, a successful social media policy can create and strengthen doctor-patient relationships, just ask the Mayo Clinic, the Number One Social Media Friendly Hospital. They are clearly onto something.
Image Credit: Cision Navigator