By Shay, Daniel F.
Medical Economics , Vol. 89, No. 19
As your practice relies more and more on electronic technologies, you foce the dilemma of managing staff members' usage of such technologies. As part of a Health Insurance Portability and Accountability Act (HIPAA) compliance program, you will want to develop policies surrounding social media usage. The following guidelines protect practices and guide employees in avoiding improper disclosures.
FAMILIARIZE YOURSELF WITH HIPAA
Probably the largest threat posed by social media usage is the potential for improper disclosure of patients' protected health information. You may think you have a handle on HIPAA, but you should refresh your understanding and learn how HIPAA applies in a social media setting. To do that, you will need to understand what information is protected and what can and cannot be disclosed - by whom and to whom.
KNOW THE ENVIRONMENT
Next, you must understand how social media themselves are used. You may be familiar with Web forums or Facebook, but do you know how Twitter and Instagram function? If not, familiarize yourself with these types of media. Remember, one purpose of your policies is to provide guidance to your staff members. Familiarity with these sites will help you craft clear policies.
IT'S NOT JUST ABOUT YOUR PRACTICE'S COMPUTERS
Policing your computer network is a critical aspect of your social media policies. Blocking Internet access to social media sites may prevent employees from using them during office hours, but itwill not prevent them from using home computers, PDAs, or smartphones to do the same thing, both during business hours and outside of the office. Of course, there's only so much you can directly control. You may have limited access to your employees' social media accounts outside the office, but you can - and should - still educate them on the HIPAA-related risks involved in their use of social media. …