Malecki Brooks Ford Law Group, LLC | Healthcare Law

Fiercely Loyal, Laser-Focused

To Post or Not to Post: Tips Regarding Use of Social Media

Healthcare providers and healthcare entities are becoming increasingly reliant on social media to provide up to date information to patients on the availability of services, such as telemedicine visits or COVID 19 vaccine availability. It is an excellent way to keep people connected. However, it has certain risks that you should keep in mind before you “post” or “share” that endearing picture of a patient and his or her family members.

Use of personally identifiable information without proper written authorization can be a HIPAA privacy or security breach. Personally identifiable information includes direct, or “facial” identifiers of an individual or of relatives, or household members of the individual. Many “identifiers” are obvious such as name, address, date of birth, but do not forget it also includes voice prints, full-face photographic images, and any comparable image. You must also pay attention to who is in the background of the photograph such as other patients or family members or staff. To avoid this problem always obtain a signed HIPAA authorization from the patient or the personal representative which permits you to post the picture, imagine, etc.

You should also think through the implications of the content of your social media campaign and who is authorized to add content. Are you posting information that will be relied on? Is it accurate? Is it up to date information? Does it meet current standards of care or guidelines, or recommendations? Does someone review the content in advance of posting the information or does your practice manager or marketing or public relations person post as they see fit? Do you need to add a disclaimer?

If you have not already implemented a social media policy, it is time do so! Make sure it addresses patient privacy and HIPAA as well as the consequences for violation of the policy by staff. Just one unauthorized post of a patient image can result in a HIPAA violation, regulatory scrutiny, and a public relations nightmare that could adversely affect you and your practice.

Have you looked at your organization’s social media activity? If not, make it a habit to do so regularly. Many patients seek information about you or your practice via social media. They will likely read any available reviews or comments in deciding who they want to provide their healthcare. Hopefully, the review of your social media activity does not reveal HIPAA violations such as a staff member posting photographs of a patient.

For further information please contact us.