Swedish to Hospitals: Surprising Insights Into HIPAA and Social Media

Dana Lewis is interactive marketing specialist at Swedish, a Seattle healthcare system, and the moderator of the #hcsm twitter chat each Sunday at 8 p.m. CT.

Swedish began implementing social media in 2009 and brought Dana onboard about a year ago. I wanted to know how Swedish approached one of the major barriers to many hospitals – fear of HIPAA violations – and Dana was kind enough to allow me to interview her.

She makes excellent points about HIPAA policy, training and keeping it all in perspective. Hint: Doctors are more likely to violate HIPAA on an elevator than in social media. And Dana offers some surprising advice to hospitals thinking of incorporating social media. (Some comments are edited for brevity.)

Q: What were the biggest hurdles Swedish faced when implementing social media?

Dana: We have an innovative healthcare culture at Swedish, and social media fit in really well. Our CEO encouraged us to look at it. Our biggest challenges were, What is it? How do we want to use it? What do our communities, audiences and patients need, and how can we provide that using these new tools? How are we going to integrate this across the organization? What are the areas we are going to tackle first?

Q: How worried were leaders about HIPAA violations in social media?

Dana: When I got here, that wasn’t the biggest question. Our number one rule is to protect patient privacy at all times. We had already moved past that.

But as an industry observer before coming here, I noticed that was a big question. On the #hcsm twitter chats, everyone was concerned about HIPAA. But it was a knee-jerk reaction to the wrong question.

At Swedish we didn’t get bogged down with the HIPAA question. We’re just not going to violate HIPAA. There are a lot of things we can do that won’t even go near that. For instance, if you place a doctor video on YouTube, there is less risk, because there are likely no patients in the video.

Doctors are more likely to violate HIPAA in an elevator than in social media. If there’s a HIPAA problem, it’s not social media. It’s the fact that they are sharing protected health information.

Q: What HIPAA policies do you have in place, and how do you conduct training?

Dana: As part of employee orientation, we do talk about HIPAA and patient privacy in our code of conduct. Social media is part of our broader internet policy.

The focus is on HIPAA, not specifically HIPAA and social media. Just like we wouldn’t have training on HIPAA and the telephone or HIPAA and talking in public. It doesn’t matter which channel.

It’s important for our employees to realize that our internet posting policy applies to them whether they’re on a Swedish computer at Swedish or on their phone or at home. Just because you’re off your shift, you can still violate patient privacy. We remind them to think before they post, and to respect other people, their colleagues, and their patients.

(Here is a link to Social Media Commenting Policy at Swedish.)

Q: What HIPAA problems have you faced?

Dana: To my knowledge we haven’t had any incidents. (Knock on wood!) We are very fortunate. We have great employees, great nurses and doctors. They don’t want to violate patient privacy.

We realize that everybody has a phone and everybody has access to a computer. Fear of HIPAA is not a reason to block access to social media. If we have a situation, we would hope to address it, learn from it,  and move forward.

Q: How do you respond to possible HIPAA violations on Facebook?

Dana: You do have some measure of control over Facebook pages. If something is posted, you could hide it from the wall or remove it. But we haven’t had any concerns. I don’t know why any employee would go there and violate HIPAA.

If patients post information, it’s not protected health information if they choose to post. We explain that in our social media commenting policy. It’s like them posting it on their own page or anywhere else on the internet. But we don’t rebroadcast that. It’s the same with Twitter. If somebody tweeted us, we wouldn’t retweet without permission. Just because you choose to share with your followers or audience doesn’t mean we have the right to share it with our audience.

(Here is a link to Swedish’s social media presences – and some fun projects.)

Q: What if someone posts something on your Facebook page about a friend? Is that a potential HIPAA violation?

Dana: We don’t recommend that. Per our social media commenting policy, we reserve the right to pull or hide that comment to protect the privacy of that individual.

Q: How does Swedish approach social media at work? Is it blocked?

Dana: Social media is unblocked for employees. They know they need to care for patients first and do their jobs first, but if they’re leaving off shift and want to check a restaurant review, it’s there for them.

My personal opinion is that it would be silly to put that obstacle in people’s way. Then they spend more time digging out their mobile device, which everyone has, than just checking on the computer.

Q: What advice would you give a hospital considering incorporating social media?

Dana: Start with listening to the community. Figure out what your patients want. They may not even want you to have a Facebook wall. They may be better served to have an interactive website. If so, listening first could serve them a lot better than spending time, energy and money and staffing on setting up a Facebook wall with custom tabs that’s not needed.

After listening, focus on education. Social media really needs to be integrated. It cannot live in one space. And it needs to be a multi-disciplinary team approach, because that’s what your hospital is. Patients are not touched by just one doctor, but a whole team. Social media should be the same.

Q: Do you have any other advice for hospitals?

Dana: It’s okay to try. Get into social media and dip your toes in. If you decide that what you’re doing isn’t working, that’s okay. It’s totally fine to reevaluate, readjust and reapply your energies to another forum to find out what’s best for your patients. I don’t think enough people think about that. It’s okay to try and try again.

____________________________________________________________

For a detailed guide to HIPAA and social media, visit our What We Think page to download “9 No-Nonsense Rules to Ensure a HIPAA-Compliant Social Media Strategy.”

 

 

 

6 replies
  1. Dan Hinmon, Principal
    Dan Hinmon, Principal says:

    Thanks for chiming in, Dana. It is definitely a new world and building awareness of all the ramifications is critical for hospitals and employees.

    Reply
  2. Dana Lewis
    Dana Lewis says:

    John, good point, and I agree somewhat. However, with smart phones, you never know when someone may be recording you in a public place, either. Think about the recent news stories about TSA security checkpoints, brought to the attention of the media by someone taking pictures or video on their phone. A conversation or comment in an elevator, in Starbucks, or on social media, all have the same viral potential.

    Also, I think we need to be having more conversations about privacy – about how we as individuals choose to share information (about our health or otherwise). I think patient education in this regard is just as important as HIPAA discussions related to social media.

    Reply
  3. Dan Hinmon, Principal
    Dan Hinmon, Principal says:

    I agree, John. I think Dana’s point is that HIPAA violations can occur anyplace, and hospitals can get over social media fears by realizing that it’s about protecting health information wherever you are, not just in social media. Of course the reality of the web is that it is viral and that there is no privacy when you post in public forums. Hence the need to think twice – or three times – before posting. I really don’t see any way to “control” either.

    Reply
  4. John Sharp
    John Sharp says:

    The difference between an elevator conversation heard by 3-5 people versus a Facebook posting viewed by hundreds or thousands is significant, but the attention to privacy must be in one’s constant awareness in both situations. We must have a way to address the viral nature of the web and controlling privacy.

    Reply
  5. Dan Hinmon, Principal
    Dan Hinmon, Principal says:

    Thanks so much, Brian. We’re all in this together, and the more we can educate healthcare leaders about the rich rewards of social media and minimize the fear of HIPAA violations the more our patients will benefit. Keep up the good work!

    Reply
  6. Brian Geyser, APRN
    Brian Geyser, APRN says:

    Great interview Dan. I tell my clients in the LTC, senior living, and homecare space the same about HIPAA. There’s simply no reason to let HIPAA stop you from embracing social media. A common sense approach with a little guidance from the pros (like yourself) to make sure all bases are covered is all that is needed. One day, in the not too distant future, we will all chuckle that we made such a big deal about HIPAA. Until then, it’s good to know there’s help out there. Thanks for your great work. As a licensed NP who works in a hospital, I know how important what you do is:)

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>