<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=879451795530434&amp;ev=PageView&amp;noscript=1">

What Assisted Living Facilities Need to Know About Social Media and HIPAA Compliance

Feb 27, 2018 9:00:00 AM


What Assisted Living Facilities Need to Know About Social Media and HIPAA Compliance

Social media offers a great way to advertise, market and reach potential residents, as well as their loved ones and others in charge of their care.

But unlike most businesses, assisted living facilities can’t use social platforms any way they see fit. Due to certain laws dictating how healthcare information is shared and disseminated, there are actually quite a few rules for what you can and can’t do in the social world if you provide medical care or related services.

That doesn’t mean you can’t still use social media in your outreach efforts. You definitely can – and should. It simply means you need to dive into it with a clear-cut plan, strict guidelines for content, and set-in-stone rules for those who manage your accounts – otherwise you could face legal repercussions.


What Assisted Living Facilities Need to Know About Social Media and HIPAA Compliance

HIPAA and its Impact on Social Media

HIPAA, more formerly known as the Health Insurance Portability and Accountability Act, dictates how data related to health and medical care can be shared, communicated and disseminated. Its goal is to protect the intimate medical details of Americans – both from issues like hacking, fraud and security breaches, as well as from companies using this data for sales, marketing or research purposes. It applies to all doctors, insurance plans, hospitals, medical facilities and health care providers and facilities – including senior living and assisted care organizations.

Because HIPAA was written back in 1996, there are no specific provisions relating to social media and how it relates to health care privacy concerns. Still, as social media has risen in use – both by American healthcare patients and by facilities that provide that care, the law has had to be interpreted in a new light.

The basic gist of HIPAA is simple: you can’t share medical or health information about a patient or resident without their consent – especially if that information isn’t already publicly available. If you do share that information, it has to comply with HIPAA’s security rules, which dictate how data can be shared electronically.


What Assisted Living Facilities Need to Know About Social Media and HIPAA Compliance

What Assisted Living Facilities Can and Can’t Share

When posting on social media, assisted living facilities need to steer clear of sharing anything that can identify a patient without their clear consent – meaning their name, age or even just image. Verbal consent is not enough to protect you from legal repercussions either. You would want to get the consent in writing, on paper, to fully protect yourself before posting anything about a patient.

Let’s look at a few different types of content you might consider posting, and how HIPAA would play into that:

  • Images – Whether you’re posting a photo of a single resident or several of them in a group setting, you would need consent from everyone pictured in order to be HIPAA-compliant. Go ahead and have forms on hand and ready to go if you plan on posting photos. Make sure your staff knows how and when to use them.
  • Names, ages, addresses or other personal details – Videos of your residents behind the scenes or talking about their experience at your facility are great ways to reach new, potential patients. But be careful about what you share about these residents. Steer clear of anything that would allow someone to identify those residents without their consent. Again, you need it written and signed that the resident is OK with the post. If they have a power of attorney, you’ll need their signature, too.
  • Medical conditions or health details – In general, you should avoid sharing details about a resident’s health care or conditions. HIPAA is very strict on how data regarding medical care can be shared, and it’s likely a post on Facebook, Twitter or LinkedIn is not in line with those rules.

It’s important to have clear-cut rules for what your team can and cannot post about your residents, as well as their care and conditions. Violating HIPAA can result in serious fines and penalties for your business, and it could impact your ability to continue operation in the long term.


What Assisted Living Facilities Need to Know About Social Media and HIPAA Compliance

How to Protect Yourself from HIPAA-Social Media Issues

If you want to safeguard your organization from HIPAA penalties, you’ll need to have a clearly defined social media policy in place before moving forward with any sort of posting. This should include rules for content, where and when that content can be posted, and how patients, residents and their visitors can be pictured, named or even just referred to.

You will also want to create a policy regarding your employee’s social media behavior. Many facilities have seen legal problems due to an employee’s personal activity on social platforms like Snapchat and Twitter. Make sure your employees know they cannot:

  • Post disparaging or demeaning content about your residents
  • Post images, videos or memes of your residents
  • Friend or follow your residents or their family members on their personal accounts

You should also designate a dedicated employee or two to manage your accounts. Don’t give access to the entire organization, and keep a tight rein on who is allowed to post on your behalf. Make sure to train them thoroughly on policies and procedures and have a chain of command that allows you – or your compliance or management staff – to approve all posts before they go live. 

You should also consider setting up automatic alerts on all facility posts. This will allow you to see content as soon as it goes up, so you can correct any potential issues before they’re too widely seen.


What Assisted Living Facilities Need to Know About Social Media and HIPAA Compliance

What About Grey Areas?

As an assisted living facility, you will likely encounter grey areas when it comes to your social media content. Is it HIPAA-compliant or could it have legal ramifications? If you find yourself asking these questions, it’s best to err on the side of caution. Forgo posting that content for the moment and get in touch with us. We can help you manage your social media in an effective and 100-percent HIPAA-compliant way.


Get Your Voice Heard

Start Now