Social Media Policy Instructions for Your Practice

April 6, 2017
Michael Sacopulos, JD

Creating, implementing, and enforcing a social media policy at your medical practice is a must in 2017.

In this digital age, every business needs two social media policies: one for material posted in the organization's official social media communications, and one for employees' mentions of work-related matters in their personal social media communications.

The unique nature of a medical practice makes such policies essential, as HIPAA regulations require all providers have policies, procedures, and systems to protect patient privacy. Here are some tips for creating and implementing an effective social media plan at your practice.

Outline Extent of the Policy: Employees need know that you are not trying to run their personal lives, online or off, and your policy only applies to work-related matters.

Technology Covered: List the most popular social media sites and apps, including Facebook, Twitter, LinkedIn, Instagram, YouTube, etc. Include business and healthcare-related review sites like Angie's List, Yelp, RateMDs, HealthGrades, and others. Note that the rapid growth of social media creates new apps and platforms, and the policy will apply to new/future social media entities as well.

Unacceptable Online Behavior: This section informs employees that online activities such as posting personal health information (PHI), giving medical opinions or advice, revealing confidential business information, breaking any laws, impersonating others, making intentionally malicious comments, and other behaviors detailed are unacceptable.

Policy Violations: Makes employees aware that violations will have consequences, and defines the scope of those consequences. This section should also include language that indemnifies the practice against liabilities for actions in violation of the policy.

Policy Amendments: Informs employees that social media polices are subject to changes and updates, and that revisions will require employee review and sign-off.

Term of Policy: This makes employees aware that to protect patient privacy and business confidentiality, the life of the policy extends beyond their term of employment.

Reports and decisions issued by the National Labor Relations Board (NLRB) deal with specific cases. They have not resulted in a one-size-fits-all set of employee social media rules, nor is it likely they will. A review of the Board's memos and opinions points toward some guidelines your practice can use to help create a reasonable policy.

Implementing a Social Media Policy:

• Make sure your policy stays within the bounds of the law.

• Avoid vague terminology and sweeping statements. Deal in specifics, not generalities.

• Define terms, unacceptable behaviors, and potential disciplinary actions. Use examples when appropriate.

• Cover the policy in your staff HIPAA training and annual compliance review.

• Update your policy when necessary. This is an extremely dynamic area. Social media entities, labor law and              HIPAA regulations are all subject to change.

• Make sure all employees receive, read, understand, and sign off on the policy and any updates.

• Enforce the policy in a reasonable and fair manner. Thoroughly document violations and disciplinary actions.