By responding to a patient review on social media recently, a Texas dental practice found itself in hot water with the U.S. Department of Health and Human Services (HHS) and the Office for Civil Rights. While the dentist will probably not be fined for misusing patient information, the practice did have to spend money for specialized legal counsel. The dentist likely spent many sleepless nights worried about the consequences of this unintentional breach.
The lesson to be learned: Social media opens the doors to all sorts of HIPAA violations. Your office can take specific steps to ensure you don’t run afoul of patient privacy law.
If you won’t say it in your waiting room, don’t say it online.
Read your social media content aloud before you post it. If there’s information you wouldn’t be comfortable announcing in front of patients, it probably doesn’t belong on social media.
Use caution when replying to comments on review sites and in real-time venues like Twitter.
Immediate responses aren’t required, and it’s often better to let some time go by before you reply. Don’t use the patient’s name or specific treatment information—even if the patient’s original post identifies him or her.
Don’t discuss patients online, even in general terms.
Social media makes connecting the dots very easy. Even if you don’t mention your patient’s name, other readers can often identify the individual you’re describing. This is, incidentally, also the reason we encourage clients to report every data breach; affected patients can easily find others online and trace the breach back to your office.
Don’t mix personal and professional.
If you want a personal presence on social media, don’t use your practice page for that sort of interaction.
Assume anything you say online is public information.
There’s no expiration date on internet content, and anything you post today may well be accessible a decade from now.
Dentists have a unique perspective on topics that interest patients. However, the demand for this information must be balanced with how information is used, who may access it, and who else it can affect.