HIPAA Social Media Rules For Your Medical Practice.

Does your medical practice use social media? It’s a reliable way to reach, educate, communicate, and draw in new clientele. However, if your business falls into the health and medical care category, you must follow HIPAA social media rules for all online actions. These rules outline what you can and cannot share, say, or post on both the business pages of the establishment and the personal pages of all staff.

Unfortunately, many private facilities shy away from any form of social media engagement due to fear of violating HIPAA rules. This leaves these businesses missing out on valuable audiences that are not only listening, but looking for them online.

Consider the following: 

  • 80% of internet users search for health information, and almost 50% would like information about a specific doctor.
  • 60% of consumers say they trust doctors’ social media posts.
  • More than 75% of Americans use social media to research their health symptoms.

Do you run or work for a business in the health care sector and are ready to take your visibility online? Follow along to discover how to be HIPAA compliant on social media and what this looks like for your pages.

HIPAA and Social Media

When it comes to health care, social networks play an important role in everything from information gathering to connecting with people going through similar experiences.

The Health Insurance Portability and Accountability Act (HIPAA) established in 1996 works to protect the privacy and health information of patients to ensure complete confidentiality. This act came into play long before the introduction of social media but clearly impacts what health institutions can and cannot share online.

When in breach of the HIPAA social media guidelines, violators face lofty penalties which could include a fine or even loss of license. For this reason, HIPAA compliance on social media is crucial for both the institution and patients alike.

HIPAA outlines that any and all PHI must be kept off of social media platforms unless express permission has been granted by the patient.

What Is PHI?

In order to follow the HIPAA social media rules and maintain compliance, individuals must first understand what’s classified as PHI.

PHI stands for personal health information. This includes all information about a patient, their care, and any details that could expose their identity.

This includes but is not limited to:

— Names, including nicknames and social media handles

— Address or location hints

— Dates such as birthdate, appointment dates, treatment duration dates

— Phone or fax number

— Email address

— Web URLs or social media links

— Social security number and any other account numbers

— Medical record or health plan number

— Photographs and scans

— Vehicle description or number plates

— Fingerprints, retinal scans, or voice recordings

— Anything that could give hints regarding the patient’s identity

The only time in which any of this information can be shared on social media pages is when a patient has given express written permission. However, the patient must have a clear understanding of exactly how the information will be used and the purpose of sharing their details.

A signed agreement including clear indications of how the information will be used must then remain on file. This is essential to confirm the patient’s willingness to participate. Verbal agreements are not sufficient permission. Lack of physical proof of permission may result in HIPAA violations.

What’s Not Allowed

So what does this look like for your online sharing? The PHI outlined above must not be divulged in any way, shape, or form on a digital platform by anyone in a health or medical profession. This includes all posts, comments, replies, or online messaging.

Posts:

A medical business account and any associated personal accounts may not share any photographs of the patients, details of their treatment, or any other PHI indicators (without a signed agreement that is kept on file).

Even if you do not mention the patient’s name or demographics, giving a detailed description of their condition, the treatment, and even the results could expose the identity of the individual and breach their privacy rights. Even if the patient has shared their story on their own page, you must gain express permission before sharing any details.

You also cannot repost anything they have posted on their account, as this would give direct reference to the individual.

▪️ This applies to any posts on social media, as well as blogs, forums, and any other online platforms.

Comments

A simple mistake that could breach HIPAA compliance on social media is the acknowledgment or disclosure of information in comments. These comments could be either on your own post or another user’s social media account.

Even if the information is available elsewhere, the business is not permitted to disclose details. This includes stating that they treated that particular case, when it happened, and mentioning who was involved.

▪️ This applies to news posts, patient posts, other medical professionals, and any other online resources.

Replies

Businesses are encouraged to respond to comments on both social media platforms and sites such as Google My Business. Responding to comments and reviews is a great way to build relationships and boost engagement for your establishment.

Unfortunately, a HIPAA violation can occur when replies reveal too much information. This can include calling the reviewer by name, making reference to their treatment, or even defending the actions of the clinic by explaining the details of a situation.

Seeing as it is human nature to defend or acknowledge details, responding to feedback can be a difficult area in the healthcare profession. If you are ever unsure about what you can and cannot communicate in a reply, it’s always best to offer less.

If a comment has asked questions or stated information that you cannot safely reply to, you can always leave a comment stating that privacy laws do not permit you to disclose certain information, and where they can contact you if they have any concerns.

Online Messaging

Online messaging platforms have made group messaging and communication easier than ever. However, if you choose to use these online messaging platforms for work applications, there are guidelines you will need to follow. Just follow the same guidelines we mentioned above in ‘Replies’.

When online messaging, you are not permitted to share any PHI in direct messages or private chats. As per HIPAA, this applies to any online and offline conversations with individuals who are not privy to the information.

Furthermore, any online conversations with other staff members or practitioners may not disclose PHI or reveal details. Because these conversations are now part of the digital cloud of social media, the conversations run the risk of being exposed.

Also, when discussing specifics of a patient, treatment, or in-office situation, all conversations should be private and offline.

What Is Allowed

While these social media rules may feel limiting, there are still several post formats and engagements you can partake in. 

Just like any other business, health care accounts are still encouraged to engage with individuals online. Your practice can do this by offering helpful information and insights with its posts, comments, and replies.

Content ideas that you can post about on social media 

  • Share mental health tips that may help your specific client base
  • Link to new research related to your specialty
  • Share inspirational or motivational quotes
  • Let clients know about upcoming events your practice will be hosting or participating in that will be open to the public
  • Brag about any awards your practice has received
  • Let clients get to know you better with staff bios and photos
  • Offer discounts or special offers
  • Promote posts from your website’s blog
  • Announce new business partnerships
  • Post your reviews anonymously

You Can Post With Compliance

Without disclosing information, there are several posts that you are permitted to share online. Any patient-generic information or advice that could benefit your patients may be posted on both social media and blogs.

This could include tips and advice about health conditions or even research articles about a relevant concern. The key to these information pieces is not referencing actual cases. As long as you do not mention your own experiences with treating clients or the cases you have observed, you will not be in breach of any social media rules.

You may also share information about events you will be taking part in. This could include upcoming specials, promotions, or celebrations. You can even brag about accomplishments such as receiving a business award or specialist certificates.

Many practices find it beneficial to introduce their staff and practitioners online with a brief bio and photograph. This encourages familiarity for clients who wish to seek treatment from your facility and serves as a business promotion for lead generation.

You Can Respond to Reviews

Reviews have become as valuable as a personal recommendation for potential clients. How you respond to your reviews could make or break your growth. Of course, as discussed above, even information revealed in reviews does not permit you to share PHI.

When responding to both positive and negative reviews, the safest options for HIPAA compliance include:

- Thanking the reviewer for their feedback.

- Asking the reviewer to contact your office for questions, clarification, or to resolve problems.

- Offering a solution to problems via an in-person consultation or a free appointment.

Responding assures your audience that you care about the client’s concerns. They will see that you value feedback and that your office takes measures to provide the best possible service and experience.

You Can Engage in Conversation

When you are online with a business account, you are representing the views of your establishment with every interaction. This means the posts you like, comments you leave, and shares you save are all reflecting on your business.

It is important to consider all online actions and understand what messages they will send to consumers. This is applicable for any industry but especially true in the health sector.

You can reply directly to comments on your posts, but make sure to do so without mentioning names or disclosing information. 

You can also comment on posts by other professionals and even share their posts on your own page with appropriate credit.

If your posts follow HIPAA social media guidelines, your practice has the opportunity to grow considerably. Just remember, if you wish to share photos of events and celebrations, make sure that all individuals who appear in the content sign a release form.

Benefits of social media for your practice

As we all know, the majority of individuals partake in social media, which means that people are likely to look up your organization on these platforms. 

It can also increase your patient volumes, help you control the accuracy of health-related information available online, strengthen your relationships with current patients, and broaden your exposure to potential patients. 

Another perk is that patients are able to easily find your office online, view any information that you post, read online reviews left by other patients and be kept up-to-date on any changes to office hours, personnel, or protocols. 

In a nutshell, using social media platforms will enable you to promote your business easier and faster than just word of mouth and traditional advertising. 

HIPAA Compliance on Social Media Conclusion

Think of social media as your digital bedside manner – and gain a competitive edge for your medical practice. When used correctly, social media can take a medical practice to the next level by utilizing the existing platforms to reach current and potential patients already accessing social media daily. So don’t shy away from posting! 

Now that you understand the purpose of HIPAA social media rules and guidelines, you can ensure your social media activity is never in breach. By understanding what you may and may not share, you can rest assured that your business will never face fines or license suspensions due to your online presence.

Are you ready to take the next step and expand your medical organization’s social media footprint? Our award-winning digital marketing team at ModFXMedia is standing by to show you how you can do just that. Contact us today to schedule your discovery session.



What Exactly Is Permission Marketing?

How many times have you signed up to receive email notifications and special offers from different brands and services? I know the answer: “Yes, many times.” When I open my email, I can see tons of notifications and promotions about products from Etsy, Amazon, etc.

Since I am a member of Bealls, a local department store, they text me on my mobile device whenever there is a special offer. This is known as permission-based marketing.

What Exactly Is Permission Marketing?

Permission marketing is when you give the recipient of an email or message the option of whether or not to receive the promotional message; it is their choice.

Permission marketing has become a very popular marketing strategy during the boom of digital marketing and social media marketing.

Subscription emails, application updates, and emails/messages are all very good examples of permission marketing.

Permission marketing is where the users have chosen to receive the emails and other promotional messages of a specific company, i.e., your company.

They do this by subscribing to your website or installing your company’s applications on their device.

How Did Permission Marketing Come About?

In 1999, Seth Godin first floated the term “permission marketing” in his book, Permission Marketing: Turning Strangers into Friends, and Friends into Customers. He discussed the concept of permission marketing as something personal, relevant, and expected. Permission marketing is contrary to the traditional type of direct and promotional marketing, where you send one email to all the customers in the database without their permission.

Permission-based Marketing Vs Traditional Marketing

Yes, there’s a difference between permission marketing and good ol’ traditional marketing.

Permission marketing is when you do a little research about your target customers. For example, Better Homes and Gardens uses permission marketing when doing their giveaways.

These giveaways are usually sponsored by other businesses, such as Honda, Lumber Liquidators, etc., which is clearly explained while individuals are signing up to enter the contest.

Another page is brought up which offers free subscriptions and permissions from the sponsors. I think most people believe they’ll have a better chance of winning if these permissions are clicked yes, and way at the bottom of this list is the enter button.

This clever type of permission marketing got the individual to sign up for other businesses’ newsletters and promotions: they got their permission! But this is only one way that permission marketing is used in a marketing strategy; we’ll go over more strategies in a minute.

First, let’s move onto what traditional marketing is. 

Traditional Marketing

Traditional marketing is a type of marketing where marketers use traditional platforms such as print, broadcast, direct mail, email, and telephone/texts.

Before the popularity of digital marketing and social media marketing, traditional marketing was the choice of companies to promote their products to their customers. With the boom of digital marketing and everyone glued to their phones, traditional marketing has been expanded into sub-categories which businesses use to better market their products and services.

Traditional marketing falls under the type of marketing category called blind marketing. To give you a better understanding, we’ll use our Better Homes and Gardens example above. Better Homes and Gardens would send one (or a 4 week) blast email to all their signed up customers without mentioning their previous history with them.

Customers receive such promotional emails all the time, and they usually avoid looking at the emails.

Benefits of Permission Marketing

Some of the benefits and advantages of the permission marketing strategy are as follows:

Cost-Effective Strategy

Sending emails and messages is much cheaper than any other kind of marketing technique. All you have to do is to research and send precise and relevant information to the customers. If the information is relevant, they won’t ignore your message and hopefully your business converts a new customer at a low cost.

Higher Conversion Rate

The conversion rate is higher in permission marketing than the traditional type of marketing because you follow the personalized approach with your target audience and develop a relationship with your targets. 

When you provide the relevant information, it makes the bond much stronger and increases the conversion rate.

Personalized

One of the most interesting features of permission marketing is the personalized approach. It means that you invoke the previous history and start things where you have left them. It makes the customers feel that you haven’t forgotten about them. By mentioning their name and the previous records/appointments/products it makes your business connect with them immediately.

Long Term Customer Relations

When you provide relevant information, you’re following the personal approach which makes them feel comfortable and valued. These types of relationships with your target customers usually last longer because they have a shared common history with your business. 

Maintain Reputation

When you follow the personal approach and ask their permission, it makes the consumer feel in control. Because of this, when you send out an email or text blast, they are less likely to ignore it and more likely to click through to your desired goal, i.e., a new landing page, sale, new product, service, etc.

When people don’t avoid your messages, it means that you have maintained a good reputation in the community.

Levels of Permission in Permission Marketing

There are different levels of permission in the permission marketing strategy, which are:

Intravenous Permission

Intravenous permission is the highest level of permission a consumer can give to a business. The permission is in the form of a subscription.

Buying a Netflix or Hulu subscription is a very good example of intravenous permission. When you buy the monthly package, whether you watch it or not, the channel would charge money for the whole month because it has the right.

Points Level Permission

Points-level permission is a type of game. We mean this literally: you see this a lot in game apps. You also see this a lot with credit cards and clothing store points subscriptions (Walgreens is another common one that uses this).

Points Level Permission is the second highest level in permission marketing. 

Points are a good way to keep a consumer’s attention, and are a good way to solve the problem. Spend more, get more points. 

Points are also a good way to reward consumers for paying attention or for buying something.

The objective is this: your business rewards customers with different points if they remain attentive. In the end, customers can cash out those points. If the consumer remains more attentive, then they would earn more points, and more points means more money.

You’ll notice this with a lot of game apps. They’ll reward you with daily points or coins to get you to play. If you spend more money when you’ve used all their free points, they’ll give you a better deal and rewards.

Personal Relationships

The personal relationship level is usually used in business relations, where you leverage the personal relationship and ask for something in return. It’s like word-of-mouth marketing.

It’s a business strategy that builds and nurtures long-term personal connections between your brand and your existing customers, increasing engagement, satisfaction, and loyalty.

For example, T-Mobile captured the elusive millennial market. They began offering consumers mobile service without contracts. This approach proved wildly successful, improving customer satisfaction, engagement, and referral business.

On top of this, to build relationships, they provided weekly thank-you gifts and customer rewards to participants.

In addition, they focused on their mobile app, offering reward redemption opportunities and targeted offers that captured customers’ attention and enhanced engagement. 

Brand Trust

Brand trust is often the desired level of permission marketing. However, brand trust can be lost with one misstep. For example, Coke nearly lost all of its brand trust overnight when it introduced its new formula.

But don’t let this deter your business from looking into this strategy. Brand trust is a somewhat lower-level strategy when it comes to permission marketing: you may pay a heavier price to certain brands, but the company would provide you with a high-quality product. Starbucks coffee and Campbell’s soup are very good examples of brand trust.

Situational Permission

Situational permission is the lowest level of permission where you ask for a certain thing depending on the situation.

It requires that the contact is first initiated by the customer. Once the customer makes first contact, situational marketing can occur. 

A good example is when you go to a fast food restaurant like McDonald’s. You put in your order and they ask, “Would you like to supersize your order?” Or if you’re at a restaurant and you order a margarita, they ask you if you would like top shelf tequila. These are good examples of situational permission: upselling to the customer.

Spam (No Permission)

Spam is the level where you don’t have permission. 

Permission Marketing Examples

Some of the examples of permission marketing are as follows:

Opt-in Emails

Opt-in email is a very good example of permission marketing. It means that the customer has chosen to receive the promotion of certain products. The company only sends emails to those clients who have opted in.

RSS Feeds

An RSS feed is when a company sends a notification to all of its subscribers about the latest promotion.

Loyalty Cards

Loyalty cards are when companies encourage their customers to keep shopping for their products, and the brand provides gifts to their most loyal customers.

YouTube

YouTube is a product of Google and it’s where content creators share videos. When a channel uploads something new then all the channel’s subscribers would receive the notification.

Facebook

Facebook is a social media platform where people share and post written, pictorial, and visual content. However, marketers would like to connect with those people who are influential and many people follow them. When they endorse your product, hundreds of people then try your product because of their referral.

Conclusion

Is your business interested in using the different types, levels, and benefits of permission marketing in your marketing strategy, but still not sure how to effectively implement it?

At ModFXMedia, our team is an amazing mix of analytical and creative-minded people, each of us capitalizing on our own strengths to prop up the team as a whole. We use our strengths to scale and boost your business on all platforms.
If you’re interested in incorporating permission marketing into your marketing strategy, click here to schedule your FREE strategy call with our award-winning marketing team.