Is it time to update your social media policy?

Karen Cheung

 Karen M. Cheung

A new physician at the hospital just sent you a Facebook friend request. As his superior, do you accept or reject? What do you do if the hospital's Facebook page includes pictures of pediatric patients? What about pictures of medical staff's kids who come in for holiday parties? Who maintains the posts and reviews comments for nasty language--a marketing director or physicians?

Every organization has to weigh on these decisions, form their policy, clearly spell it out for employees and, in some cases, make them sign an agreement to follow it. And even if you have a policy on the books, when was the last time you updated it? Was it before FourSquare existed? It might be time to take another look.

With the Federation of State Medical Boards (FSMB) this week releasing new guidelines for physicians on this particular topic, FierceHealthcare is dedicating this week's commentary to a round-up of the best practices to help hospitals draw on other policies to see what fits at their institutions.

Respect patient privacy
Number one, of course, is to explicitly spell out that social media users must respect patient privacy at all times--not only on the organization's social media sites but also on personal accounts.

"Physicians have an obligation to prevent unauthorized access to, or use of, patient and personal data and to assure that 'de-identified' data cannot be linked back to the user or patient," FSMB said in its guidelines. "While physicians may discuss their experiences in non-clinical settings, they should never provide any information that could be used to identify patients. Physicians should never mention patients' room numbers, refer to them by code names, or post their picture. If pictures of patients were to be viewed by others, such an occurrence may constitute a serious HIPAA violation."

Keep work and personal life separate
Like FSMB, the American Medical Association's (AMA) social media policy stresses provider-patient boundaries and encourages physicians to use separate personal and professional content online.

In addition, AMA encourages doctors to act as social media moderators; when physicians see content posted by colleagues that is unprofessional, "they have a responsibility to bring that content to the attention of the individual, so that he or she can remove it and/or take other appropriate actions. If the behavior significantly violates professional norms and the individual does not take appropriate action to resolve the situation, the physician should report the matter to appropriate authorities." Consider spelling out who the proper authorities are in your social media policy, depending on whether the offense is unlawful or just in poor taste.

Reserve the right to pull content
Cleveland Clinic's social media policy is very specific that anyone who uses social media has, by default, "signed" its agreement to abide by its terms. The policy warns users about respecting copyright laws in posting pictures and videos and also points out the health system has the right to "monitor, prohibit, restrict, block, suspend, terminate, delete or discontinue your access to any social media site, at any time, without notice and for any reason and in its sole discretion." Cleveland Clinic may remove, delete, block, filter or restrict by any other means any materials at the Clinic's sole discretion, the policy firmly states.

In addition to patient privacy, provider boundary concerns and lawful content issues, your organization must decide if the social media policy will include limitations on how social media users handle Facebook pages, Twitter handles or blog posts.

Require transparency
Mayo Clinic social media policy recommends that employees and students write in first person. "Where your connection to Mayo Clinic is apparent, make it clear that you are speaking for yourself and not on behalf of Mayo Clinic." Mayo Clinic also suggests that posters say "The views expressed on this [blog; website] are my own and do not reflect the views of my employer," which can be added to the "About me" section of your blog or social media profile.

Mayo Clinic also says that social media users, especially on sites like LinkedIn where an employee's affiliation to Mayo Clinic is evident, shouldn't offer personal recommendations to people, products, services or organizations.

On that note, a previous advisory from the Society for Healthcare Strategy and Market Development, part of the American Hospital Association, suggests that any hospital employee participating in social media directly related to his or her work should clearly disclose his or her affiliation with the hospital in marketing communications. It also says that a blogger trying to reach patients and communities through its marketing should disclose his or her financial arrangement if paid to review a product or service.

In the end, the social media policy is intended to set expectations for employees, but also--and perhaps more importantly--to encourage leaders to think about possible pitfalls and what the organization's policy will be.

Do these guidelines offer answers to recent challenges that you've encountered? What other social media concerns are you looking for that existing policies from the major associations haven't addressed? - Karen (@FierceHealth)

Related Articles:
Patients choose hospitals based on social media
Healthcare social media a 'moral obligation'
Most hospitals don't budget, plan for social media
Why hospital social media is a full-time job
Docs urged to use caution when building social media profiles
How to manage healthcare social media risk