The Risk of Social Media Use in Healthcare

Social media has significantly altered our daily lives, both personally and professionally.  The Pew Research Center reports that 74% of adult internet users access social networking sites.



Each year Social Media Examiner polls business marketers to gauge how they are using social media to grow their business. Last year an impressive 92% of marketers surveyed indicated that social media is important for their business.


The healthcare industry has been slower than others to adopt social media, but those that have report positive results. Social media use in healthcare has provided a great number of benefits. Healthcare organizations are using social media to market their practices, build relationships, educate current and potential clients and network with other professionals.  (To learn more about the positive impacts social media has had upon healthcare organizations, check out this blog post.)


Despite the positive returns social media has provided, it is important to be aware of how these powerful resources can negatively impact your organization (even if you do not have corporate sponsored accounts).


  1. Increased risk of exposure to viruses and malware.


Beachhead Solutions, developer of SimplySecure encryption solutions reports that 52% of organizations have experienced an increase in malware attacks as a result of employees’ use of social media.  The risk of exposure stems from the false sense of security that develops between users and their circle of friends. Individuals are more likely to trust what is sent to them from friends within their social media platforms, thereby increasing the probability they will click on malicious links and software applications.


Facebook accounts are hacked 600,000 times per day. There is significant likelihood that your staff members have been exposed to compromised accounts. If you permit the use of social media accounts in your practice, ensure your users are provided proper training and can recognize common social media scams to protect themselves (and your network) from viruses and malware.


  1. Damage to Your Brand


If you make the decision to open social media accounts on behalf of your business, be mindful of who among your staff has access to those accounts and train those individuals as to what is acceptable and not acceptable in terms of information posted on your accounts. Every post made is a reflection of your organization as a whole.  Select your administrators and contributors carefully. (See my past blog post for tips on protecting your social media assets.)


Before opening a new account, set social media goals and share content that aligns with those objectives. For example, if you create a Facebook page with the goal of educating your clients, post content that is useful and helpful for those individuals.  How do you know what to post? Ask them. Take note of common questions your staff is asked during routine patient visits and phone calls. Respond with content posted to your social accounts that aligns with what you’ve uncovered about your clients’ desires and needs.


Most importantly, make sure you develop a plan on how you will monitor what others post to your accounts. The instantaneous nature of social media has altered what consumers expect in terms of responsiveness to requests made via these channels. Your followers will post to your accounts. Forty-two percent of those individuals expect a response to their inquiries within one hour of their post while another thirty-two percent will expect a response within 30 minutes. Failure to respond or responding inappropriately could negatively impact the impression others have about your business.



  1. Potential for HIPAA Violations


The potential for disclosures on social media accounts that violate patients’ privacy is significant. The majority of HIPAA violations related to social media occur on the personal Facebook pages and Twitter accounts of employees working for healthcare organizations. A disclosure involving the personal health information of patients is a violation regardless of whether that disclosure occurs on company time, company computers or even the company’s social account.


Take control of this risk by developing a social media policy and training your users accordingly. (Do this even if you make the decision not to open accounts specifically for your organization.) At a minimum, make sure that your staff members know that discussing patients, even without their names, is not ok. There are widely circulated stories of healthcare professionals who shared information that was general in nature and found themselves in trouble. Specifically mention to staff members the need to be careful when posting photos.  Uploading a selfie of yourself and your co-worker to Facebook is perfectly fine but not if you have inadvertently captured a patient in the background. It should go without saying that pictures of patients (including their x-rays) should never be shared online, but include this information in your policy as well. Violations of this nature are well documented online and should serve as a costly example of why explicit documentation and training is necessary.


Need assistance with policy development? This recent article provided by Healthcare IT News is an excellent place to begin.


Love it or loathe it, social media is here to stay. Know the risks and invest the time to ensure your staff members are aware of them as well. Doing so will decrease the risks associated to social media use in your healthcare practice.

Leave a Reply

Your email address will not be published. Required fields are marked *