Policy: The reason to have policy around social media is because things "move quickly" on these platforms, Smith Jones said. "You don't want to have it so your employees have to go up and down the ladder every time a decision needs to be made and it take weeks or months to respond to a particular incident," she said. In particular, Jacobo said policies can help practices understand and follow guidelines to ensure they don't break HIPAA laws by engaging with patients on social media.
Smith Jones said there should be policies for employees — both as employees in general and as official representatives of the organization — and for the general public. Smith Jones said the latter policy can include information on how the organization wants to engage on social media and what could happen if a patient puts their own health information out there for the public to see. "It's [telling them] ‘you aren't there to give one-on-one advice, you are there to give one-to-many advice,’" Smith Jones said.
Process: The last “P” of social media governance is the most important one, Smith Jones said, even though it's the most forgotten. It's making sure your organization has the processes in place to react quickly to things that are happening in the social media environment.
For instance, she said having processes in place can help practices respond quickly if they have a "bad Tweet." She listed off several examples of bad Tweets that could happen under your organization's brand including inappropriate opinions, insensitive statements, and offering a reward you can't deliver. Another incident is potentially having your social media feed get hacked, but Smith Jones noted that enacting a social media governance program can help "create a long history of healthy communications with your patient population. Over time, if your account were to get hacked, they'll know it's not you."