« Return to List
Posted on 04.06.2010
The Realities of HIPAA in Social Media

Part Two in the discussion of PR and Legal Counsel as Uneasy Bedfellows and Strategic Partners
The number of hospitals and healthcare providers jumping into social media increases daily. (Check out
Ed Bennett’s impressive resource if you don’t believe me). Like most all consumer-driven businesses, hospitals are eager to reap the value that social media can deliver – often with remarkable cost efficiency.
Healthcare administrators’ apprehensions about the perceived liabilities of social media engagement seem to have abated as marketers have become increasingly adept at addressing management’s main concerns:
"What will we do if someone criticizes us?” Apply standard
service recovery techniques and have a clearly articulated and well posted disclaimer about removing inappropriate posts.
“What can we do about employees spending time on Facebook during work hours?” Have a plain-language
social media policy; propagate it thoroughly and often.
But just as anxiety in the hospital c-suite begins to wane, dyspepsia spreads around the legal department and the attorneys pull out their favorite trump card: HIPAA. The PR vs. legal clash is on.
Fortunately, a growing number of marketing sensitive attorneys are stepping into the discussion, reminding their peers about whom the Health Insurance Portability and Accountability Act applies:
covered entities, meaning hospitals, providers and now authorized business associates. Patients and family members are not covered entities under HIPAA. So it’s not a HIPAA violation for a well-meaning daughter to post that her father received great care at General Hospital after his stroke from uncontrolled diabetes.
Media and internet attorneys will also explain there is no liability for General Hospital to sponsor or even own the site on which the daughter makes the post. Providers of interactive services (such as a Facebook fan page or hospital blog) are protected by provisions of the
Communications Decency Act. So long as the social media team at General understands it should
never edit posts (though it is free to remove them), the liability just isn’t real.
This is not to suggest that hospitals and other healthcare providers should enter into social media blindly. But if your market research and planning indicate it’s time to go social, legal concerns needn’t keep you in Web 1.0.