Training is limited to corporate channels and salaried personnel

[fomayof928@mowline]

Example patient message: @Hospital, I was recently diagnosed with diabetes and I would like to know which of your doctors specializes in diabetes care?

Not HIPAA Compliant: @Patient, we know coming up france b2b leads with a new diabetes diagnosis can be challenging and we're here to help. Call Dr. Smith's office directly to schedule a consultation.

HIPAA Compliant: @Patient, we have removed your comment to protect your privacy. Please call or email our team for assistance.

By limiting training to corporate channels and pay staff, healthcare organizations create knowledge gaps that can have significant consequences. For example, an excited intern could post a selfie with a patient. Or a hospital intern might accidentally leak PHI in a funny TikTok.

Healthcare organizations should remember that HIPAA applies to everyone under the control of a covered entity, including volunteers, students, and unpaid personnel. It also encapsulates social profiles outside of company accounts, including employees’ personal accounts.

What HIPAA means for social media vendors
HIPAA compliance and security should be top of mind when choosing software vendors and tools. During platform evaluation, expect your security and privacy teams to be vigilant about how data is used when integrated into a larger technology stack.

Look for management solutions with permission levels and message approval features to ensure only responsible parties can post. Be sure to take cybersecurity measures to protect PHI on electronic devices, such as encryption or firewalls.

Go a step further and find a social media management solution that is willing to sign a Business Associate Agreement (BAA), a legally binding contract that spells out each party’s responsibilities regarding PHI and HIPAA compliance. As Florence details, “You should work with a partner like Sprout Social who can sign a BAA and share the risk and responsibility with you.”