They say a picture is worth a thousand words- but when said picture is posted to social media, it can quickly be worth thousands more. In our fast-paced digital world all it takes is one photo- say in an operating room with the patient clearly identifiable- to entertain the Internet and quickly leave a physician, medical practice or hospital in danger of violating Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA.

So is that it?

Should all medical providers cease and desist their online following at once? On the contrary; despite the possible pitfalls, social media platforms can be a great way to connect with patients, provide valuable tips, establish trust,and position themselves as the experts in their field. With the right training and a clear-cut understanding of the rules, regulations and possible violations, physicians and healthcare companies can successfully connect with patients without ever crossing the line. Here are 6 things to consider:

1. Train, train, train

One of the biggest downfalls for companies in general is the lack of proper andconsistent training for their employees. The difference, however, for those inthe medical world is one blunder online can quickly equal tens of thousands of dollars in penalties. To avoid this, ensure every physician and new employee understand the various HIPAA and FDA regulations in regards to social media and medical marketing. Don’t forget to keep continued education a focus throughout the year, as well.

Ultimately, in healthcare, a patient’s health and privacy is the biggest priority, and it’s the responsibility of those who are managing the marketing to make sure anyone associated or employed by a medical practice or hospital has a firm grasp of what is permissible and what is not.

2. PHI violations = fines

The most important key to smart social media and HIPAA practices is to understand what is considered a violation on social networks. The mostcommon violations occur when your staff or healthcare organization does notknow, ignores or overlooks one of the 18 Protected Health Information (PHI) rules. PHI is anything that can reveal a patient’s identity. While it should be obvious that blatantly disclosing the name of a patient is a violation, it can also happen unintentionally; if a patient’s name is visible on paperwork, a monitoror X-ray document in an image, that also is considered a violation. For a full list of the 18 PHI violations, visit the U.S. Department of Health and Human Services at HHS.gov.

3. All in the details

The most important key to smart social media and HIPAA practices is to understand what is considered a violation on social networks. The most common violations occur when your staff or healthcare organization does not know, ignores or overlooks one of the 18 Protected Health Information (PHI) rules. PHI is anything that can reveal a patient’s identity. While it should be obvious that blatantly disclosing the name of a patient is a violation, it can also happen unintentionally; if a patient’s name is visible on paperwork, a monitoror X-ray document in an image, that also is considered a violation.

4. Taking ownership

We get it- it wasn’t posted under your company account, so why are you being held responsible, right? Unfortunately, even if you follow all of the rules for your company’s social media accounts, the possibility of a patient posting to your account or an employee posting on their private accounts, can still cause problems. For this reason, on Facebook specifically, it is recommendedthat physicians and healthcare institutions disable the ability for individuals to post directly to their Facebook walls. Allowing individuals to post directly to a medical practice, physician or hospital’s Facebook page could open up the opportunity for private patient information to be shown- and therefore, violating HIPAA.

If a patient posts something that is in clear violation of HIPAA to one of your account’s pages, do not engage in conversation with them about it and immediately seek guidance on whether the post should be deleted ornot. Hiring a marketing professional in the field of healthcare, is alwaysrecommended.

5. Define clear guidelines

Developing a foundation of guidelines for your social media presence is paramount to staying compliant. Creating a practice social media guideline is vital when your staff is active on social platforms. Some basic guidelines include:

  • Provide clear examples of do’s and don’ts

  • Have each social platform approved prior to use

  • Create a compliant social media marketing calendar to be approved ahead of time

  • Monitor and moderate the accounts and comments on a routine basis

  • Control who has access to the company accounts

  • Encourage employees to report any violations they see

6. Don’t forget the FDA

While everyone seems to be focused on remaining HIPAA compliant, we don’t want you to overlook the FDA’s stand on social media violations, as well. Remember, the Food and Drug Administration (FDA) tightly regulates advertising or sharing of information related to drugs and even medical devices. Physicians and pharma companies are also under strict guidelines when it comes to marketing or responding to requests related to the off- label use or procedure of a drug or treatment. Pharma and medical device companies are required to post the “good, bad and the ugly” when marketing their products. Many pharma and device companies provide physicians and healthcare institutions with social media content - graphics, gifs, videos, captions - assets as well as approved content to use. To stay within FDA compliance, it’s imperative that when using content and/or graphics created by pharma companies, it is used exactly as the guidelines require.

Should healthcare professionals choose to use social media marketing, they and their staff should always use guidelines and best practices as required to stay HIPAA compliant and FDA regulated.

At the end of the day, think before you post. Don’t share the patients’ names, personal information or photos without proper consent, keep social profiles professional and clean and never post a possibly criminal or negligent act being committed (we know that seems super common sense but you’d be surprised!)

A marketing plan is an essential tool for any hospital, physician or independent medical practice. A plan will create a thriving social media presence allowing you to inform, connect and educate patients in many of the same ways other companies have been taking full advantage of (in a good way) for years.

The first step in preparing a strategic plan, is to hire or consult or marketing professional that specializes in healthcare, like MOXY Company. Having a clear roadmap and guidelines for all in your organization to follow will help a with planning, anticipating, assessing, preparing, and protecting your organization from any pitfalls, as well as creating a successful marketing strategy.