During a national public health emergency, healthcare providers will have many reasons to use social media. The community will likely turn to social media to learn what your organization is doing in response to COVID-19. Social media can be used to keep the public informed, ward off panic, advise patients and loved ones of new procedures or protocols, and show the public a strong response during the disaster. Social media is also being used to recruit staff, volunteers, and supplies.
Many healthcare employees are documenting – or ranting about – their challenging days at work on social media.
Patients and families might reach out to you on social media messaging apps for information.
All of these social media uses bring risks. When protected health information is shared inappropriately, the Privacy Rule can be violated – which means you will be conducting a potential breach investigation. There are also security risks inherent in social media use. And, when the wrong information is shared, it can go viral and make headlines very quickly. The majority of your employees likely use social media – and need to know what they can and cannot post about the pandemic and their, and your, role in COVID-19.
- In a Scotland nursing home, a 102-year-old resident ‘s daily exercise dance routine – done with two nurses – is posted to TikTok. In the video, the resident and two of his caregivers are seen dancing. The home claims the videos “have been a great way to get the residents up and moving, and they’ve loved taking part.”
- A Los Angeles nurse claims she was put on unpaid leave after a Facebook post she made to a private group for the nurses on her hospital floor. The post said “Hey you guys the rumors are true, our floor is becoming the COVID floor. Be careful.” The nurse also listed room numbers of COVID patients. She was fired for violating HIPAA, but believes she was fired for speaking out the day before about the lack of PPE at the hospital.
- A nursing home posted pictures of residents social-distance bowling to the home’s Facebook page.
What you can do:
Continue to look for creative ways to use technology to keep people engaged during the pandemic – but also keep HIPAA at the forefront of your expanded technology uses:
- Do not post any patient-specific information to social media without first obtaining a HIPAA authorization. This includes patients in the background.
- If you have not already done so, implement a social media policy that specifically addresses HIPAA.
- Prior to using a new social media application, evaluate the risks with your HIPAA Security Risk Analysis process and mitigate any risks.
- Maintain close communications between your HIPAA Privacy and Security Officer, and your marketing or public relations personnel. All marketing and PR communications and programs should be vetted for potential HIPAA risks.
- Regularly review your organization’s social media activity to ensure it is HIPAA compliant.
- Train staff about appropriate social media uses during COVID-19 – the HIPAA stakes are higher during a pandemic.