Swedish began implementing social media in 2009 and brought Dana onboard about a year ago. I wanted to know how Swedish approached one of the major barriers to many hospitals – fear of HIPAA violations – and Dana was kind enough to allow me to interview her.
She makes excellent points about HIPAA policy, training and keeping it all in perspective. Hint: Doctors are more likely to violate HIPAA on an elevator than in social media. And Dana offers some surprising advice to hospitals thinking of incorporating social media. (Some comments are edited for brevity.)
Q: What were the biggest hurdles Swedish faced when implementing social media?
Dana: We have an innovative healthcare culture at Swedish, and social media fit in really well. Our CEO encouraged us to look at it. Our biggest challenges were, What is it? How do we want to use it? What do our communities, audiences and patients need, and how can we provide that using these new tools? How are we going to integrate this across the organization? What are the areas we are going to tackle first?
Q: How worried were leaders about HIPAA violations in social media?
Dana: When I got here, that wasn’t the biggest question. Our number one rule is to protect patient privacy at all times. We had already moved past that.
But as an industry observer before coming here, I noticed that was a big question. On the #hcsm twitter chats, everyone was concerned about HIPAA. But it was a knee-jerk reaction to the wrong question.
At Swedish we didn’t get bogged down with the HIPAA question. We’re just not going to violate HIPAA. There are a lot of things we can do that won’t even go near that. For instance, if you place a doctor video on YouTube, there is less risk, because there are likely no patients in the video.
Doctors are more likely to violate HIPAA in an elevator than in social media. If there’s a HIPAA problem, it’s not social media. It’s the fact that they are sharing protected health information.
Q: What HIPAA policies do you have in place, and how do you conduct training?
Dana: As part of employee orientation, we do talk about HIPAA and patient privacy in our code of conduct. Social media is part of our broader internet policy.
The focus is on HIPAA, not specifically HIPAA and social media. Just like we wouldn’t have training on HIPAA and the telephone or HIPAA and talking in public. It doesn’t matter which channel.
It’s important for our employees to realize that our internet posting policy applies to them whether they’re on a Swedish computer at Swedish or on their phone or at home. Just because you’re off your shift, you can still violate patient privacy. We remind them to think before they post, and to respect other people, their colleagues, and their patients.
(Here is a link to Social Media Commenting Policy at Swedish.)
Q: What HIPAA problems have you faced?
Dana: To my knowledge we haven’t had any incidents. (Knock on wood!) We are very fortunate. We have great employees, great nurses and doctors. They don’t want to violate patient privacy.
We realize that everybody has a phone and everybody has access to a computer. Fear of HIPAA is not a reason to block access to social media. If we have a situation, we would hope to address it, learn from it, and move forward.
Q: How do you respond to possible HIPAA violations on Facebook?
Dana: You do have some measure of control over Facebook pages. If something is posted, you could hide it from the wall or remove it. But we haven’t had any concerns. I don’t know why any employee would go there and violate HIPAA.
If patients post information, it’s not protected health information if they choose to post. We explain that in our social media commenting policy. It’s like them posting it on their own page or anywhere else on the internet. But we don’t rebroadcast that. It’s the same with Twitter. If somebody tweeted us, we wouldn’t retweet without permission. Just because you choose to share with your followers or audience doesn’t mean we have the right to share it with our audience.
(Here is a link to Swedish’s social media presences – and some fun projects.)
Q: What if someone posts something on your Facebook page about a friend? Is that a potential HIPAA violation?
Dana: We don’t recommend that. Per our social media commenting policy, we reserve the right to pull or hide that comment to protect the privacy of that individual.
Q: How does Swedish approach social media at work? Is it blocked?
Dana: Social media is unblocked for employees. They know they need to care for patients first and do their jobs first, but if they’re leaving off shift and want to check a restaurant review, it’s there for them.
My personal opinion is that it would be silly to put that obstacle in people’s way. Then they spend more time digging out their mobile device, which everyone has, than just checking on the computer.
Q: What advice would you give a hospital considering incorporating social media?
Dana: Start with listening to the community. Figure out what your patients want. They may not even want you to have a Facebook wall. They may be better served to have an interactive website. If so, listening first could serve them a lot better than spending time, energy and money and staffing on setting up a Facebook wall with custom tabs that’s not needed.
After listening, focus on education. Social media really needs to be integrated. It cannot live in one space. And it needs to be a multi-disciplinary team approach, because that’s what your hospital is. Patients are not touched by just one doctor, but a whole team. Social media should be the same.
Q: Do you have any other advice for hospitals?
Dana: It’s okay to try. Get into social media and dip your toes in. If you decide that what you’re doing isn’t working, that’s okay. It’s totally fine to reevaluate, readjust and reapply your energies to another forum to find out what’s best for your patients. I don’t think enough people think about that. It’s okay to try and try again.
For a detailed guide to HIPAA and social media, visit our What We Think page to download “9 No-Nonsense Rules to Ensure a HIPAA-Compliant Social Media Strategy.”