How to Be Hip (HIPAA-Compliant, That Is)
May 15, 2018
Dear House Rules,
As a pharmaceutical marketer, I’m excited about our company’s social media presence and digital advertising strategy. However, some of the stories I’ve heard from my colleagues have made me skittish about violating privacy laws. I know that no marketing progress can be made these days without venturing into the digital space. How can I use social media and deploy regular digital content while staying on the right side of the law?
It’s true that digital marketing and social media are important tools for anyone trying to grow a brand, but there’s always a risk of making major and significant mistakes on a public stage. Healthcare marketers need to comply with HIPAA, and just one careless Facebook post can accidentally reveal protected health information. For example, if you’re using a case study to demonstrate the efficacy of your product – but you don’t conceal the patient’s identity adequately – you could be headed for trouble.
There was a time, of course, when social media was all but forbidden for use by healthcare professionals and pharmaceutical companies. Now, however, it’s recognized as a great tool for providing information, establishing expertise, educating and interacting with current and prospective patients, and establishing a brand presence – a particularly important function if your company is launching a new product, for example.
It’s actually not too tough to launch an effective social media or digital ad campaign and stay HIPAA-compliant at the same time.
Just remember a few simple rules:
1) Don’t talk about patients.
Posting about cases is one thing — common or uncommon conditions, novel treatments, unexpected complications. But when you cross the line between the case and the actual patient (as in a clinical trial,) your chances of revealing privileged information skyrocket. HIPAA lists eighteen criteria for Protected Health Information (PHI,) one of which is essentially “any identifying feature.” The information provided in your social media profile – names, locations, photos, dates – combined with even minimal information from the post could paint a surprisingly clear picture of PHI with minimal detective work.
2) Don’t friend current or former patients.
You would think this would be obvious, but that’s not always the case. Of course, you should also keep your personal and professional social media accounts separate. Social media is a casual and personal way of communicating, but it’s still crucial to maintain a certain amount of professional distance.
Remember that anything you post on a patient’s Facebook wall is visible to all of their friends – and that, like diamonds, the Internet is Forever.
3) Look at photos carefully.
Is that a patient in the background of your hospital-visit selfie? Is that a patient file to be used in a case study under your artistically arranged plate of sushi at a working lunch? Scan your photos like a detective on a police procedural to make sure you haven’t unintentionally caught anything inappropriate or privileged.
4) Set an office social media policy, write it down, and make sure everyone stays up to date.
Resist the urge to hand your social media passwords to the youngest (and tech-savviest) person in the office and ask him or her to handle all your posts. You may think that washing your hands of the sometimes-confusing social media situation absolves you of responsibility when a mistake is made – but that’s not the case. Make sure that everyone – of any age, in any position – knows to watch for possible violations before they post anything online, and can check the company’s content for errors as well.
Just remember: the image you portray on social media might be the only image a prospective customer will see of you.
One more HIPAA-unrelated but essential piece of advice. Make sure that every post, share, retweet, and “like” conveys something about you and/or your company that you want people to know. At Xavier Creative House, we specialize in developing social media strategies for many of our healthcare clients. We’d love to share our expertise with you, and hope you’ll reach out via web, phone, or social media soon!
https://www.patientpop.com/blog/marketing/content-social-media-marketing/facebook-meets-hipaa-social-media-guidelines-healthcare-providers/. Accessed May 8, 2018.