HIPAA Risks and Social Media
By David Martin, President and CEO of VeinInnovations
Is your practice using social media to stay in touch with patients and reach out to new ones? If so, you’re one of many in the medical community expanding into digital society. The New York Times recently profiled a doctor who goes one step further and sends texts to her teenage patients. That’s probably a bit farther than most of us are willing to go.
Our patients’ trust that we will protect their privacy is vital to the success of the doctor-patient relationship, and therefore the practice as a whole. It’s also a significant legal issue, as we all know. HIPAA violations are costly to your wallet and your reputation. So if you’re actively using social media, what violations should you be on the lookout for, and what can you do to prepare in advance?
Once upon a time (about 15 years ago), patients who had a problem with you or someone at your office wrote a letter, or better yet, came directly to you to discuss it. Those methods of reaching out are increasingly rare. Customers – in our case, patients – will air their grievances on social media. You may have used this tactic yourself. The public forum ensures that not only will the company see the complaint, but so will other customers. It can be a great way to get a quick response from a business you believe was in the wrong. For medical practices, it’s not as simple as it is for others.
To avoid any unfortunate violations, make sure that everyone who manages the page or acts as an administrator is set to receive emails for comments. Don’t rely on frequently checking the page. The nature of the complaint will determine how you handle it.
The complaint violates HIPAA if the author reveals personal medical information. Regardless of the fact that the author chose to share it, it must be removed from your page. Immediately delete the comment and block the user. Don’t end there! If the patient with a complaint feels ignored or that their problem is being swept under the rug, they’ll only become more angry. If they’re a patient of yours, you should have their contact information on hand. Reach out to them. Let them know you’ve gotten their message, and do your best to resolve the issue. Explain why you were obliged to delete their post or Tweet, and ask that any further communication take place through private email or over the phone.
What about complaints that don’t violate HIPAA? Should you delete those automatically? While your inclination might be to remove any comment that disparages your practice, resist the urge. Fair and reasonable complaints are best left on the page and responded to on the page. Here’s an example:
“The waiting room was freezing and there was nothing to read. It wouldn’t have bothered me too much – but I had to wait for over half an hour past my appointment time before I was seen!”
Quickly respond with a genial,
“Thank you so much for bringing this to our attention. We will contact you directly and try to remedy this. Our practice cares about your experience in our office.”
After you’ve responded, block the user.
Remember not to panic. Complaints will happen, even when we’re doing our best. Have a plan in place, make sure everyone is on the same page, and always respond quickly and appropriately. Social media is here to stay. If you’re prepared for the risk, it’s worth the reward.