How Does HIPAA Apply To Social Media Marketing?

Prospecting on Social Media While Protecting PHI and Maintaining HIPAA Compliance

by James Speed of Pawsitive Marketing

25860 Lahser Road, 
Southfield, MI 48033

GUEST BLOG BY AUTHOR JAMES SPEED OF PAWSITIVE MARKETING:

Prospecting on Social Media While Protecting PHI & Maintaining HIPAA Compliance

Social media marketing is one of the most important marketing tools for businesses of all kinds. It allows medical practices and other organizations to meet people where they are already at — on social media platforms like Facebook, Instagram, and Twitter.

These platforms let you communicate with and reach customers 24/7 in a way that is familiar and authentic to them. Social media marketing is ideal for just about any budget and use. Businesses that don't use social media are potentially missing out on reaching billions of customers. 

Better understand you customers

Social media allows us the metrics and reporting necessary to understand who our customers and prospects are and who is engaging with our content. 

SOUTHFIELD

© 2019 Big Water Technologies. All rights reserved

FOLLOW US ON

Twitter
Facebook
LinkedIn
Instagram

ABOUT US

Since 2009, Big Water Tech has been your trusted source for tech advice and the best service around.

The Rules: 2 simple rules to avoid PHI

1. The patient may post whatever they want on any platform they want.
   
   
2. The patient making such a post does not allow you to confirm a patient-healthcare provider relationship.

Improve acquisition

Studies show that people are making healthcare decisions online. That means that if you aren't online, you're missing out.

Drive customer retention

Make sure your patients know everything that you do and they come to you for everything you'd like them to! 

Review sites and directories also greatly influence people's decisions on where to get healthcare. Sites like Google Reviews and Yelp are increasingly being used by patients to select a healthcare provider. A 2011 study by the Pew Research Center showed that almost 80 percent of online users use Facebook Recommendations to look up information about health care providers. Another study conducted by Vitals showed that about 85 percent of consumers are more likely to choose a doctor over another based on high ratings and reviews.

There is no doubt that healthcare providers who use social media and digital marketing to reach patients have the upper hand. However, you must follow HIPAA rules when conducting social media and online marketing. So, how does HIPAA apply to social media and online marketing?   

Why it's important

James is a marketing consultant and facebook ad specialist. He has excelled in sales for over a decade with multiple Fortune 500 companies and high demand local businesses. James has consistently blown past sales goals and strived to be a leader in sales strategies. By setting organizational objectives and sales quotas, he has been able to improve revenue from sales continuously. Through this experience, James has gained valuable insight into sales and marketing that can apply to almost any business. James strives to spearhead new marketing initiatives - some of which have brought about 6 figure changes in revenue for our clients. James' purpose with Pawsitive Marketing is to help local healthcare-related businesses grow through digital marketing and increasing their web presence. While assisting medical practices, it is imperative to keep patient health information protected, with secure and effective digital marketing. At Pawsitive Marketing. keeping our clients HIPAA compliant is more than just our business; it's our passion.

James Speed's Tips to Stay in Compliance: 

Here are some tips to help you stay in compliance with the two rules (listed above) when using social media marketing. 

Have a written social media policy.

Every practice needs to have a written social media policy that is readily available to your staff. Define your purpose for using social media within your company.

Assign Roles ahead of time.

Decide who will post photos, write status updates, and respond to potential patients. Identify a back up social media manager, if needed. Create a few ready-to-go responses. These will help your staff stay in compliance with HIPAA rules. 

Regularly review & update your social media policy.

As the government issues new guidelines about social media, update your social media policy. Also, include your social media policy as part of your Annual HIPAA Risk Analysis. 

Never confirm a patient-provider relationship on social media.

If a patient leaves a review, a simple thank you is all that is needed. If they leave a negative review, respond quickly and respectfully, but again, don't confirm a relationship with the patient. Instead, invite them to reach out to you offline. 

Remove comments (where you can) that violate HIPAA.

If someone posts PHI on your business page, it's still your responsibility to remove it. So, make sure you have the ability to remove any comments on your website or social media pages that contain PHI. Yelp and Google both have avenues for getting reviews removed. 

Many practices will screenshot patient reviews and utilize them in their marketing. This practice of screenshotting reviews is absolutely not ok. Remember, a patient can post what they want wherever they want. The patient's post does not mean you can utilize this content, especially if the review contains PHI. Breakdown: if you're going to use patient testimonials on your website and social media, make sure you obtain authorization before posting the testimonial. 

Don't post testimonials without written authorization from the patient.

Prospective patients highly utilize Facebook recommendations; however, there is no way to remove a recommendation once it is posted. Some HIPAA consultants recommend businesses turn off the Facebook™ recommendations for this reason. If you do have a Facebook™ business page, don't tag patients or share information that can identify a patient. 

Use Facebook™ recommendations carefully.

Don't interact with patients on your personal social media accounts. Make your pages private and don't accept Friend or Follow requests from patients. You might even consider using a pseudonym so that it's hard for patients to find you on social media. Most importantly, let your staff know that they should also avoid contact with patients outside of the office. 

Avoid personal contact with patients outside the office.

It is important to respond to patient reviews and comments on social media and sites like Yelp or Google. Reviews help build online credibility with prospective patients who are looking at the office. Instead of posting patient reviews directly on your website, link out them.  Simply say "Check out all of our 5 Star Reviews" and then provide a link to the review page. Linking to offsite reviews is an easy way to show off your reviews while staying HIPAA compliant. 

Link out from your website to Google or Yelp reviews.

What does this all mean for you?  

It's simple - If you deal with PHI, it is crucial to make sure that your marketing is following HIPAA guidelines to ensure you and your patients are protected. You can't ignore social media without losing out on business but you can't ignore HIPAA either - you need someone who understands the intricacies of HIPAA compliant marketing on your side. 

ABOUT BIG WATER TECH:

We keep IT simple. You need your tech to do what you need when you need it. That's where we come in. We help businesses grow by giving them confidence in their tech. We are a bespoke IT firm, we tailor every solution to fit your needs. We work with how you work. We are compliance and security experts. Ready to create your perfect office tech setup? We do that. Need phones? We do that. Need building security, wifi, and a network? We do that. Tell us how you want your office to work, and we make it happen. From security education for your team to the cloud and everything in between, we keep IT simple. Ready for technology that simply... works? Call Big Water Tech, today.