Tuesday, April 25, 2017

Walking the Social Media Tightrope

Much like walking on a tightrope, participating on social media is a science as well as an art.


People post on social media all the time. They like to post pictures, tag their location when they are somewhere cool and they even like to write about what they are eating. Unfortunately, many people do not see any harm in what they post. For example, below is an example of somebody posting something that they perceived as innocent and, in their eyes, thoughtful:

In an assisted living center, a housekeeper posted a picture of a vision and hearing impaired resident on her social networking webpage, with the caption "This is my friend," along with the resident's first name.

By posting the picture of the resident without their consent, the employee violated HIPAA Privacy regulations. After the violation was brought to the employees’ attention, the employee apologized and immediately removed the photo. She said she was not aware that a person could not do such a thing without the resident's consent. While the employee did not have malicious intent, the action was still a violation of the resident’s privacy.

Social media is a double edged sword. If used properly, social media can be an amazing tool that can be used in many beneficial ways. However, if used improperly, social media can do extensive damage to the user and the organization they work for.

Dangers of Social Media

Use of social media by healthcare professionals can present some challenges and possibly open the door to HIPAA Privacy violation and future liability. Here are some examples of social media privacy violations that have lead to a HIPAA Privacy audit:

  • Posting pictures of patients/residents without their consent
  • Posting a video of a patient
  • Posting a video describing a patient or a patients situation
  • Posting a “selfie” in a restricted area where Protected Health Information (PHI) is visible
  • Writing a post or comment about a patients situation

These social media posts can severely damaging to an organization and to the individual who’s privacy had been compromised. In addition to these actions leading to a HIPAA Privacy audit, these type of social media posts also have a negative effect on the reputation of the healthcare organization. Privacy violations do not go unnoticed by other patients and these privacy violations do cause patients to rethink their trust in their healthcare provider.

As with walking a tightrope, it is very easy to slip and fall into unwanted territory with social media posts.

Beauty of Social Media

While social media can have many negative effects on an organization and patients, it can also be used for some great things. These are some examples where social media can have a positive impact in the healthcare world:

  • Educate followers with various health tips
  • Maximize exposure of an organizations community contribution
  • Give patients a platform for them to write positive reviews
  • Celebrate the accomplishments of your employees (post with their permission)
  • Announce specials, discounts, or new product

There is so much an organization can do with social media that will have a positive effect. However, social media posting in the healthcare industry is like walking a very fine line. When posting on social media, it is important to have established guidelines and policies in writing. This will enable a healthcare provider to safely post on social media without fear of slipping and falling into unwanted territory.

Be sure to take to have documented training on social media for your employees. They need to know the impact their social media posting can have on patients and on the organization itself. In addition, having documented training will help protect the organization against liability if the need arises to discipline an employee for not following social media policies and procedures.

If done right, having a positive social media presence will be very beneficial to an organization. However, it is important to stay on that narrow rope when posting. It can be very easy to move slightly to one side or the other and fall into unwanted post territory.


For more information about safely posting on social media, please watch the following webinar:




To subscribe to this blog, enter your email address:


Delivered by FeedBurner

Friday, April 14, 2017

When Doctors Resist Compliance Training

"No doctor, compliance training is not optional"

We often receive calls from clients asking for creative ways or guidance to get the doctors in their practice to do compliance training along with the rest of the office staff. The doctor doesn't have time or just wants to "review" the policies and procedures, which they won't. This seems to be a fairly common thread with compliance training and doctors.
Many offices have similar issues with doctors resisting training and as a medical office manager or compliance training administrator you may need to be less coddling or creative and more firm and direct. 

The bottom line is that HIPAA, OSHA and Medicare do not simply suggest training. It is REQUIRED that ALL EMPLOYEES receive compliance training annually (including management and particularly doctors). They don’t simply recommend this or say if it is convenient but that it is REQUIRED for compliance.

It may be necessary to send a message reminding ALL staff members of this fact and the importance of being in compliance for the safety of patients and staff, privacy issues, the legal requirements and financial/reputation ramifications for the practice as a whole due to violation or non-compliance.

Including the information on specific regulations may be useful to get the message across. For example:

The HIPAA Privacy CFR discussing administrative requirements for training can be located in 45 CFR § 164.530(b)(1) and for HIPAA Security 45 CFR § 164.308(a)(5).

Similar resources for OSHA can be found on the Guide to Compliance with OSHA Standards for Medical and Dental offices website. Note that each standard requires training.

Medicare and most insurance companies also require attestation (to affirm to be correct, true, or under oath) that ALL staff receives Fraud, Waste and Abuse training to maintain receipt of payment.

As for HR and Employment Law, we were recently contacted by a client about an unemployment claim issue. Because of the Doctor making a poor decision they will likely end up paying that unemployment claim when normally they would have been able to contest it. Due to that doctors lack of HR training, his bad decision will now cost the practice unnecessarily. Please see this previous article that spawned from this incident:
The greatest risk to any organization comes from within.


Another key item of importance is that workforce member can't just read over some notes on policies or procedures and be considered "trained". There needs to be a formalized consistent method of training that includes Documentation of the training processes, dates, etc. As the saying goes, if it isn't documented it didn't happen.

Compliance and Compliance Training is not optional and is very crucial to the legitimacy and success of your practice or medical facility. Make these requirements clear to your Entire Workforce as a fundamental part of your organization's culture and a non-negotiable condition of employment at your practice. End of story!




To subscribe to this blog, enter your email address:


Delivered by FeedBurner