HIPAA And Facebook Friends?

11/12/19 5:30 PM
Angel Carothers
Dental Front Office Team, Dental Practice Management

Businesses all over the world use Facebook and other social media platforms to connect with their customers, educate their audience, promote their brand and more. The dental industry is no exception.

When it comes to navigating social media, the question is not whether or not your dental practice should engage with Facebook but more HOW your dental practice should engage with Facebook in a manner that keeps you and your patient’s safe.

In this blog, we share important tools and resources to help you do just that!

The most important step in navigating Facebook safely is knowing what you can and cannot share on Facebook. The big rule of thumb here is to never post a patient’s identity or private information including; full names, contact information, medical information, social security numbers, dates of birth, financial information, patients in video or photography, gossiping about patients, etc. This includes tagging patients in posts and posting directly to a patient’s profile.

This rule falls under the PHI (Protected Health Information) policy under HIPAA, which prohibits any use of PHI in any marketing including social media and applies to all posts whether you are posting on your private Facebook profile, your dental practice’s Facebook page or public and private Facebook groups

The easiest way to think about this is that if anything you post could connect back to a specific patient, then you are in violation of HIPAA compliance. If you do want to use a patient’s PHI via social media or other marketing efforts, you must get their approval through a written consent form that clearly defines how, when, and where you will be sharing their PHI information. 

It can be an easy mistake for a team member to accidentally post an image of a patient, share other PHI information or assume they have a signed consent form for that patient. These small mistakes can have huge liabilities which is why it’s important to create policies and procedures within your practice that protect the HIPAA social media standards. Additionally, we recommend installing quality insurance systems when it comes to creating, approving and posting content to all social media platforms.

Once you have created these policies and systems within your practice, they must be documented and owned by a member of the team. These policies and systems must be communicated to each member of the team and be reinforced by the team member that takes ownership of them. All new team members must be trained in these policies during the onboarding process to ensure each and every team member is educated. These policies should include clear consequences should they not be followed, be reviewed quarterly, be updated as needed and shared with the team on an ongoing basis for accountability.

Creating and sharing valuable content on Facebook is a powerful tool to help your practice increase its reach, build its audience and educate your followers. There is tremendous value in sharing and engaging on Facebook and it is critical that you and your team are aware of the HIPAA compliance standards and armed with clear policies and procedures to keep your practice protected.

To learn more about the HIPAA Privacy Rule, click here.

Do you follow us on Facebook? If not why not? Follow Us