5 Things Healthcare Employers Need to Know About Social Media Compliance

Senior Director of Marketing

In the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association’s (HCCA) Compliance and Ethics Hot Topics for 2016 Survey, employers across all industries selected social media compliance risks as the second highest area of concern, second only to cybersecurity and cybercrime. For healthcare employers, however, social media compliance risks was the top concern.

After listening to a February HCCA webinar presented by Kortney Nordrum, attorney and social media expert at HCCA, it was very clear why healthcare employers have more reasons to be concerned about social media. A 2015 version of Nordrum’s presentation is available on The Compliance and Ethics Blog, but this article covers some of her session’s highlights and how healthcare employers can get started with managing social media and the risks and benefits that come along with it.

1. Social Media is Not Going Away

By now, social media is just another aspect of life. As a healthcare organization, both employees and patients are using it. From a marketing perspective, search engines like Google index social media posts, which means your organization’s social media activity can be found through searches. Having a strong social media presence can influence decision-making, so it’s important that healthcare organizations have a social media strategy that involves collaboration with the compliance department in order to mitigate risk.

While social media is an area of concern for many reasons, it can also be very beneficial for healthcare. For example, a 2012 study by the Journal of Medical Internet Research found that 60 percent of doctors believe social media improves the quality of patient care they deliver.

2. HIPAA Compliance Can Be Tricky with Social Media

It can be very easy to violate the Health Insurance Portability and Accountability Act (HIPAA) on social media if your organization does not have a clear policy. In an article for Law360, Kyna Veatch, President at Veatch Ophthalmic Instruments, offers the following suggestions for avoiding HIPPA violations on social media:

  • Avoid “friending” patients and clients.
  • Understand that HIPAA lists 18 personal identifiers including photos, neighborhoods, birth dates and vehicle identifiers. In small communities especially, people can quickly determine who is in the hospital and for what with just a few details.
  • Healthcare professionals do not have the right to transmit by electronic media any image of a patient.

Even if your organization does not use social media as a marketing and branding tool, it may still be a good idea to offer social media and HIPAA compliance training to your staff so they understand that innocent comments about patients on social media, for example, could result in a HIPAA violation.

3. The AMA Has Issued an Opinion on Professionalism in the Use of Social Media

The American Medical Association (AMA) Opinion 9.124 outlines that physicians should weigh a number of considerations when maintaining a social media presence:

  • Be cognizant of standards of patient privacy and confidentiality that must be maintained in all environments.
  • Use privacy settings to safeguard personal information and content to the extent possible, but understand that content on the Internet is there permanently.
  • Consider separating personal and professional content online to maintain professional boundaries.

4. Be Aware of the NLRB’s Decisions on Social Media

According to Nordrum, the National Labor Relations Board (NLRB) decisions are the top reason why organizations get in trouble with social media. “The NLRB has had its eye on social media for quite some time,” Nordrum says.

NLRB decisions apply to most private sector employers, including manufacturers, retailers, private universities, and healthcare facilities. When it comes to complying with the NLRB, employer policies should not be so sweeping that they prohibit the kinds of activity protected by federal labor law, such as the discussion of wages or working conditions among employees. In a December 14, 2012 decision, for example, the NLRB found that it was unlawful for a non-profit organization to fire five employees who participated in Facebook postings about a coworker who intended to complain to management about their work performance. In this case, the Facebook conversation was considered concerted activity and was protected by the National Labor Relations Act.

5. Be Mindful of the EEOC When Using Social Media for Hiring Decisions

The Equal Employment Opportunity Commission (EEOC) is mainly concerned with discrimination in hiring decisions, which means employers should be careful when social media is used for this purpose. As Nordrum notes in her presentation, hiring managers can be exposed to gender, race, ethnicity, age, disability, and pregnancy from a single Facebook photo. It can be very dangerous if the hiring manager is the one looking at a potential candidate’s social media profile.

In order to mitigate risk, Nordrum recommends separating the people conducting the social media research from the hiring managers. “Have another person do that search; the person running the search can bring the red flags up to the hiring manager, but only that information,” she says.

Social media is a high-risk area of concern for employers, especially healthcare employers, but by being mindful of these key areas and developing policies and procedures that address them, organizations can significantly reduce harm caused by this valuable tool.