Responding to Social Media Comments in a HIPAA-Friendly Way
Responding to Social Media Comments in a HIPAA-Friendly Way
Online reviews are one of the most common ways patients find new doctors; approximately three out of four patients rely on social media and review sites when researching physicians, and more than half say these reviews are “somewhat” or “very” important in their overall decision-making process.
Potential new patients are sure to scrutinize the comments left on your various social media platforms to glean additional feedback. Whether positive or negative, it’s important to respond to these comments, but you’ll have to proceed with caution: doing so without exposing somebody’s protected health information (PHI) is tricky. There are tips for responding to social media comments in a HIPAA-compliant fashion.
Maintaining Patient Privacy on Social Media
PHI is a key component of the HIPAA Privacy Rule. It’s important to understand that PHI doesn’t only refer to a patient’s medical history, but also covers any information that can be used to identify a patient, including names, phone numbers, birthdates, email addresses, and diagnosis or test results. Even when the patient provides information in a social media comment that may unintentionally reveal their identification, it is still your responsibility as their provider to respond in a way that does not violate HIPAA regulations. Otherwise, your practice may be subject to fines or lawsuits. Tread carefully!
The following strategies will help you craft a response that is HIPAA-friendly:
- Avoid patient-specific information. You are not allowed to even confirm or deny that a person commenting is a current or former patient. If they have provided PHI, you don’t have to delete the comment, but refrain from acknowledging or adding to the thread. Instead, offer to continue the conversation in private. But before you do this…
- Do not initiate contact yourself. In many states, providers are legally required to obtain a patient’s permission before initiating direct contact via email or other electronic means. Your best bet is to provide them with your phone number and encourage them to call you in order to discuss the matter in more detail. If the patient prefers email, you can ask them for their consent at this time.
- Respond to reviews anonymously, but do respond. When replying to comments, do so without acknowledging that the person leaving the review is a patient. A generic response works best – try something like, “Thank you for bringing this matter to our attention. We will address the issue with our staff to ensure it does not occur again.” You should vary the language a bit so it doesn’t come across as an automated response every time. The worst thing you can do is to ignore a negative comment – this leaves the impression that you do not care about the patient’s concerns.
Following these practices will ensure your responses are HIPAA-compliant while showing that you care about your patients.