Social media use can pose serious issues to HIPAA compliance if information is not properly protected. Sharing photos and stories from one’s workday is commonplace on Facebook and Twitter, but HIPAA-compliant social media use is unfamiliar to many professionals. In most industries, these posts are routine and harmless, no different from vacation photos or memories from years gone by. However, this increasing interconnectivity can lead to serious problems for health care and behavioral health professionals if their posts include any Protected Health Information (PHI) of patients or clients. The question becomes: how can behavioral health professionals ensure that social media use is compliant with the stringent privacy and security requirements of HIPAA regulation? Below, we discuss some of the major concerns regarding medical information and social media use.
What Can You Post in Social Media as a Behavioral Professional?
The rule to remember here is that posts should never contain information that can be linked back to individual patients or medical records. Protected health information (PHI) is any demographic information that can be used to identify one of your patients. This includes names, dates of birth, addresses, social security numbers, medical data, and financial information, among others. HIPAA regulation forbids the use of PHI in marketing or social media campaigns, and such use should be avoided in order to protect your patients’ privacy.
Here are some of the things you can post on social media:
- Health tips that patients might find useful
- Upcoming events patients might like to attend
- New research or findings related to your field
- Honors or awards your organization has been granted
- Profiles or bios of your staff
- Advertisements of your services as long as they DO NOT CONTAIN THE PROTECTED HEALTH INFORMATION of any of your patients (including names, photos, or any other personally identifiable information)
HIPAA Policies & Procedures
The Department of Health and Human Services (HHS) has released extensive guidance on social media use. A number of policies and standards exist that outline exactly how behavioral health professionals can ensure that their practice or organization is HIPAA compliant. You must ensure that your organization has HIPAA policies and procedures corresponding to these HHS standards. One of the most important aspects of maintaining HIPAA compliance is being able to document that your organization is upholding the privacy and security requirements of the regulation.
Compliancy Group gives behavioral health professionals confidence in their HIPAA compliance with The Guard™. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance.
Compliancy Group’s team of expert Compliance Coaches™ field questions and guide users through the implementation process, taking the stress out of managing compliance. The Guard is built to address the full extent of HIPAA regulation, including fully automated documentation of policies, procedures, employee training, and remediation plans. The Guard includes policies and procedures that are uniquely tailored to the needs of your organization so you’ll never have to worry about the headaches that come with generic policy binders again.
With The Guard, behavioral health professionals can focus on running their practice while keeping their patients’ data protected and secure.
For more information about what you can do to protect your behavioral health practice, see these upcoming HIPAA educational webinars.
Find out more about how Compliancy Group and the HIPAA Seal of Compliance can help simplify your HIPAA compliance today!
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors is their opinion and is not intended to malign any organization, company or individuals.