Hashtags don't have to mean HIPAA infringement: Welcoming social media

Status update: Social media in healthcare may not be such a bad idea after all. As far as David Harlow, JD, MPH, principal of The Harlow Group LLC, is concerned, correspondences among the patient community and its servicing medical practices are the ties that bind, and not necessarily in the constricting legal sense.

“If you’re going to go social, you shouldn’t be running every moment to your lawyers, your regulators or compliance folks to say ‘someone posted this on our Facebook page — what do I do now?’” Harlow remarked during his 2012 MGMA session, titled “Healthcare Social Media: The Lawyers Don’t Always Say ‘No.’”

It’s regarded as an industry Catch-22 of sorts — physicians and other medical professionals want to maximize patient engagement through popular outreach tools (the most utilized of which today being social media platforms) yet in the share-all realms of Facebook, Twitter and other profiled handles, privacy rights inevitably become subject to compromise.

“The open-book ethic of social media runs up against privacy rules in healthcare,” Harlow said. “Healthcare providers want authentic interaction with their patients through social media, but many are concerned about liability.”

So how exactly does a practice embrace the hashtag without having to hash it out before a judge?

According to Harlow, time, patience and a touch of confidence — while basic — form the fundamental undercurrent essential for a free-flowing, successful social media endeavor.

“Confidence to use social media despite potential legal issues,” can make all the difference when mining the gruff grounds of GIFs and tweets, Harlow said. Moreover, “your comfort level with social media will change over time and by that time, you’ll want to change your policies,” he added.

Alongside such behavioral liberty, it’s still important for practices prepping for the interactive plunge to establish certain use guidelines — Media use stage 2, so to speak.

“If you’re going to go social, you need to have some guardrails in place,” Harlow continued, those checkpoints being the following:

  • Understand HIPPA or other potential privacy violation. “The same rules regarding patient privacy that apply to everything else you do in healthcare also apply to social media.”
  • Understand common law liability. “Consult with your legal advisers early and often.”
  • Clearly define roles and responsibility in social media policies and procedures.
  • Observe religiously all the shalts and shalt nots. “Look at where other practices have done well and done wrong, then act accordingly.”
  • Train your staff in policies and procedures. “Extend your code of conduct one step beyond an internet usage policy to cover social media platforms well.”
  • Do not practice medicine online. “Initiate the relationship in real life and obtain appropriate authorization fromm the patient to continue dialogue online.”
  • Take conversations offline when you feel that comments or questions on your social media platform are approaching HIPAA violations.
  • Prominently post policies and procedures and incorporate them into off-line documents as well.
  • Regularly monitor your social media platforms for questionable posts and comments at least once a day.
  • Visit and revise your policies and procedures regularly.

“The hope is that your practice can walk, run, and even fly  if you put the right foundation in place,” Harlow said. With the above criteria in place and respect paid toward the power of the media tools being used, an organization’s outreach can be nearly limitless.

And in this rapidly evolving technological environment, practices shouldn’t waste time attempting to control the message, let alone worrying about it.

“Folks live in fear of losing control of the message,” Harlow said.

“A little secret: We’ve already lost control of the message."