Essentials for Social Media Policy

4 Critical Actions to Protect Patient Privacy
Essentials for Social Media Policy
A social media policy is essential for healthcare organizations using social networks as new communication channels.

See Also: How Tri-Counties Regional Center Secures Sensitive Files and Maintains HIPAA Compliance

Social media can be effective marketing tools, but new media also create the risk of privacy violations, such as when staff members use social networks to discuss sensitive patient information, says Tatiana Melnik, an associate at the law firm Dickinson Wright PLLC. The problem is "people do not consider the potential impact," Melnik said during a session Feb. 22 at the Healthcare Information and Management Systems Society Conference in Las Vegas.

More employees are blurring the lines between professional and personal uses of social networks, Melnik says. As an employer, "your job is to prevent this from happening and monitor it."

Brian Balow, also an attorney with Dickinson Wright, offers the following tips:

  • Spell out your organization's stance on social media use. A hospital or clinic needs to decide whether to ban the use of social media in the workplace or precisely define who can use it for what purposes under what circumstances.
  • Develop a list of do's and don'ts for staff members. Instruct staff members to refrain from posting protected health information and "think twice before you hit post," Balor says.
  • Provide training and enforcement. "Having policies will not help if they're not properly enforced," Balor says. Ensure employees are aware of the policies, trained on them and understand the ramifications of violations. "If you're not willing to take enforcement steps, don't even bother with a policy because it has no teeth," Balor says. "People won't follow it."
  • Comply with the NLRB Act. The National Labor Relations Board Act was enacted to help protect the free speech rights of employees, Balor explains. "Policies may not be overly broad," he says. "They can't have sweeping, generalized statements. They have to be particularized." For example, there needs to be guidance as to what's private or confidential information that cannot be posted.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.