Medical Practices, Social Media, and HIPAA — Can’t We All Just Get Along?
By Elizabeth Hipp
The use of social media always has been a sensitive subject for medical practices, and most recently there has been concern over Google reviews and potential HIPAA violations. At one time, Google allowed users to review services, including doctor’s offices, anonymously or with a pseudonym. However, the company recently changed its policy so that any reviewer must log in to his or her Google account and leave his or her full name with a review.
So what impact does this have on hospitals or practices in both their search engine ranking and social media in general?
For starters, many patients will not want to review practices where they will be identified as a client. Privacy is paramount in the medical industry, and requiring users to identify themselves as a plastic surgery or mental health patient, for example, is a turn off for most users. Reviewers also are less likely to leave specific details about their medical conditions if they are identified, which makes the review less credible in the public’s eyes. Specific details are what makes reviews persuasive and helps other patients with the same medical problem find a practice. Also, a lack of reviews directly translates into lower search rankings on Google, and the harder a practice is to find online, the less likely potential patients will visit it.
Most importantly, doctors will no longer be able to respond to reviews, whether negative or positive, because acknowledging a reviewer as a patient violates HIPAA confidentiality standards. This is a problem particularly for the negative reviews, as responding directly to a complaint is the hallmark of a conscientious doctor and leads to a more positive public image. But by doctors not being able to respond, public opinion of a practice can decrease.
Of course, there are some upsides to the Google changes: no more businesses posting fake reviews to make their practice seem highly rated and no more patients (or competitors disguised behind the veil of anonymity) leaving negative reviews without having to be identified.
Although the change applies only to Google at this point—Yelp, Vitals, HealthGrades, and other reviewing sites still allow reviewers to post anonymously—this change leads to some bigger questions regarding doctors and social media use. Specifically, if social media sites can change their policies without any regard to HIPAA standards, should doctors be concerned about using these sites at all?
To avoid privacy violations, doctor’s offices need to have social media guidelines and training in place for all employees, regardless of whether the office participates in social media. Creating these guidelines and educating employees about them will not only make employees more aware of the limitations of what they can and cannot post on their personal social media, but it also limits liability for the practice. Also, a good rule of thumb for posting on any website, whether company run or not, is never identify a patient, whether by name or other details, unless you have their prior permission in writing.
Social media is tricky in that it is ever changing—sites such as Google and Facebook are constantly modifying their user rules, site design, and more. Doctors need to be aware of how to use these sites responsibly and train their staff to be aware of potential patient privacy violations. They also need to monitor social media sites for changes to their policies and make adjustments to their social media policy accordingly.