The pandemic has changed a lot for healthcare providers – including their social media use.
Most providers we talk to say they have increased their use of social media during COVID-19. Some providers are turning to social media to disseminate information about COVID-19 precautions, and, now, vaccine availability. We also see many providers using social media to keep the public informed, and to keep people connected during visitor restrictions. Many nursing homes are posting resident pictures and videos on Facebook or TikTok to give their loved ones a glimpse into life inside a nursing home during a lockdown. These strategies have led to creative – and often charming – social media campaigns.
For example:
- Photos of residents visiting with horses through their room windows
- TikTok videos of nursing staff dancing with residents for their daily exercise routine
- Photos of nursing home residents holding up chalkboard signs that say “What my nurse means to me….”
- Photos of residents visiting with their children through a glass window on Mother’s Day
I truly enjoy these posts, and I appreciate the clever social media campaigns and the connection they bring during a challenging time.
BUT – All of these social media uses bring risks. If you decide to embark on a new social media campaign, make sure you keep HIPAA at the forefront.
When protected health information is shared inappropriately, the Privacy Rule can be violated – which means you will be conducting a potential breach investigation. There are also security risks inherent in social media use. And, when the wrong information is shared, it can go viral and make headlines very quickly.
Remember: Obtain a signed HIPAA authorization from the patient BEFORE taking the picture or making that post.
What you can do:
Continue to look for creative ways to use technology to keep people engaged during the pandemic – but also keep HIPAA at the forefront of your expanded technology uses:
- Do not post any patient-specific information to social media without first obtaining a HIPAA authorization. This includes patients in the background.
- If you have not already done so, implement a social media policy that specifically addresses HIPAA.
- Prior to using a new social media application, evaluate the risks with your HIPAA Security Risk Analysis process and mitigate any risks.
- Maintain close communications between your HIPAA Privacy and Security Officer, and your marketing or public relations personnel. All marketing and PR communications and programs should be vetted for potential HIPAA risks.
- Regularly review your organization’s social media activity to ensure it is HIPAA compliant.
- Train staff about appropriate social media uses during COVID-19 – the HIPAA stakes are higher during a pandemic.
- Get a HIPAA authorization before taking a picture or posting about a patient.
