Hospital social media best practices to mitigate risk

Aurora Health Care revisits its social media policy more than any other policy, according to compliance officer Andrea McElroy. Among some of the lessons Aurora has learned along the way:

Keep reviewing the policy
Because of the fluid nature of social media and potential risks it carries, the Milwaukee-based health system reviews the social media policy regularly, according to Report on Medicare Compliance. Like Aurora, continue to review the hospital social media rules. The social media committee should ask: Is the policy outdated? What new technologies or legal considerations must be considered?

Make the policy visible
Initially when Aurora launched a social media policy, employees couldn't find it, which was tucked away on the system's Intranet under the electronic-usage policy. The policy had combined guidance on electronic records, telephones and computers with several new pages about social media. Instead, consider publicizing the information on the company website, as Mayo Clinic does. In addition, Mike Morrison, a hospital media relations officer, on Hospital Impact, recommended after developing a policy, to make sure employees know about it through organizationwide announcements and orientations for new employees.

Draw provider-patient boundaries to protect medical information
When patients want to post pictures of their nurses, complimenting them on a job well done, they may inadvertently reveal medical information, such as the name of an IV drug in the background. Instead, nurses tell patients who want to post pictures of caregivers, "I appreciate it, but unless it goes through the communications department, I can't permit it." Kindly letting patients know about the policy can avoid an awkward situation, Report on Medicare Compliance noted.

Providers, who are discouraged from friending their patients, also should refrain from mentioning patients' conditions online. For instance, a physician's office manager commenting on a patient's Facebook photo, congratulating the patient on her weight loss and asking if her diabetes has improved could violate HIPAA, according to Business 2 Community. The covered entity (the healthcare provider) disclosing personally identifiable health information is a breach of patient privacy rules--even if it's well-intentioned.

In a similar situation, providers should consider the risk of "outing" patients if they encourage patients from "liking," linking or commenting on hospital and disease-specific sites, according to a study from Children's Hospital of Easter Ontario Research Institute, published in the Journal of the American Medical Informatics Association.

"[S]ocial network-based communications between (teenage) patients and between patients and healthcare providers will likely increase; there's a need for guidelines on such communication," Khaled El Emam, the Canada research chair in electronic health information at the University of Ottawa and the Children's Hospital of Eastern Ontario Research Institute, said in a research announcement.

For more information:
- read the Report on Medicare Compliance article
- see the Business 2 Community article
- here's the Children's Hospital research statement and study

Related Articles:
Hospital Facebook page success hinges on time, effort put forth
Set clear social media policy before unlocking access
5 social media tips for apprehensive hospitals
4 social media dos and don'ts for docs
Why hospital social media matters
Is it time to update your social media policy?
Patients choose hospitals based on social media