The latest social media gaffe by the healthcare industry comes from Rhode Island, where a physician was fined $500 this month for posting online, information about her experiences at work. The 48-year-old emergency department physician also had her privileges terminated at Westerly Hospital, after the board determined that she had "used her Facebook account inappropriately to communicate a few of her clinical experiences at the hospital's emergency department."
So, control the urge to post any information on Facebook, Twitter or any other social media sites that could indirectly identify your patients. Or, just never post anything about your hospital duties at all in any public venue.
The Rhode Island incident reminds healthcare leaders that organizations must have a social media policy in place, and that management must make it transparent.
Here is a quick checklist of questions to ask regarding a social media policy at your hospital. It is provided by Phyllis Patrick, MBA, FACHE, CHC, and business partner Angel Hoffman, RN, MSN, cofounders of the AP Health Care Compliance Group:
- Does your organization already have a policy addressing social media?
- Does the policy reflect the viewpoints and needs of various stakeholders (e.g., patient care, research, education)?
- How does the policy support the mission, vision, and values of your organization?
- Is your primary interest restricting or enabling the use of social media?
- Does your organization view social media as a highly effective information gateway?
- Have you asked your workforce how the organization can take advantage of the benefits of social media and avoid the pitfalls
- Have you developed a strong business case for social media use, supported at the appropriate level for each department and functional area, considering the organization's mission, vision, and values; possible threats; technical capabilities; and potential benefits?
- Does your IT staff understand that the goal should not be to say "no" to social media, but to follow good security guidance, with effective and appropriate security and privacy controls?
- How does the policy affect your relationship with business partners and vendors/contractors?
- How do you conduct training on the appropriate use of social media (on- and off-site)? Are you including appropriate use of social media in your overall security and privacy awareness training program?
- How will you capture social media traffic and audit, analyze, and use it for security and privacy investigations, as appropriate?
- Have you reviewed the Financial Industry Regulatory Authority's (FINRA) Regulatory Notice 10-06, Guidance on Blogs and Social Networking Web Sites, to determine its applicability to your organization and how you might use its recommendations to strengthen your organization's social media program? (Note: FINRA provides guidance on the responsibilities of companies to supervise the use of social networking sites. You can find the guidance here).
- How does your organization plan to use social media to generate new strategies, engage, and learn?
For doctors, social media a tricky case
AMA Releases Social Media Guidelines for Physicians
Social media rejected for healthcare communications
Few Hospitals Use Social Media Effectively, Says Study
Pages
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.