We shared the following scenario in one of our recent presentations. As you read the following scenario, think about the following questions:
- Have you ever experienced some of the issues mentioned in the scenario?
- What policies and procedures do you have in place to address:
- Patient Communication?
- Social Networking?
- Mobile Device Usage?
Scenario: Johnny Athlete's Surgery
"OMG! I can't believe Dr. Smith is seeing Johnny Athlete. I hope he didn't break his ankle" could be heard coming from the front desk. One of the receptionists quickly takes a selfie from her desk with Johnny in the background and posts it to her Facebook wall. The caption read, "Poor Johnny, get well soon". Due to the popularity of Johnny Athlete, it didn't take long for other patients to ask if that was the Johnny Athlete that just came in. Without a second thought, an employee replies, "Of course that was Johnny; our doctors take care of the best talent in town."
It turns out, this was the first time Johnny Athlete visited the medical practice. Johnny's agent found out about the high-profile practice through its social media page, which allowed visitors to submit questions. Acting on behalf of Johnny, the agent posted a question about Johnny's injury. Dr. Smith read his question and submitted a reply offering advice about his injury and advised him to schedule an appointment.
During Johnny's visit, Dr. Smith took a picture of his ankle with his phone and texted it to a colleague for a second opinion. Dr. Smith also emailed x-ray images of Johnny's ankle to his colleague. Following a brief discussion over the phone, it was determined that surgery was necessary.
One day before the surgery, the receptionist called Johnny's cell phone and left a message reminding him of his ankle surgery scheduled with Dr. Smith. Johnny's surgery went perfectly. Afterward, the receptionist took a picture of Johnny as he was leaving the practice and posted it to their website with a comment that said, "Surgery was a Success!"
Patient Communication Issues in the Scenario
Did you identify the following communications issues in the scenario?
- OMG! Johnny Athlete, broken ankle comment
- "Of course, that was Johnny" response to other patients
- Smith's injury advice on practice's social media page
- Receptionist's voicemail on Johnny's phone reminding him of his ankle surgery
Social Networking Issues in the Scenario
Did you identify the following social networking issues in the scenario?
- Receptionist posts "Selfie" with Johnny in the background to Facebook
- Johnny's agent posts to practices social media page and Dr. Smith replies
- Receptionist posts a picture of Johnny on the practice's website post-surgery
Mobile Device Usage Issues in the scenario
How about these issues regarding mobile device usage? Did you identify these?
- The receptionist takes "Selfie" using her personal cell phone during work hours
- Smith used his phone to send pictures of Johnny's ankle to a colleague
- Smith emailed x-ray images of the ankle to a colleague
- The receptionist took Johnny's photo post-surgery and posted it on the website
10 Tips for Patient Communication, Social Networking, and Mobile Device Usage
During Bryan's presentation, he discussed several tips for patient communication, social networking, and mobile device usage. Here are 10 of the tips he suggested, and some additional information to point you in the right direction.
- Use lowered voices did you know this is covered on the Oral Communications slide in the HIPAA Privacy Module? Oral communication should only take place on a need-to-know basis for the patient's care.
- The use of patient portal communication electronically with patients is allowed as long as safeguards are in place. See the following Electronic Communications article for more information and additional tips.
- Minimum necessary information means limiting unnecessary or inappropriate access to and disclosure of PHI. Avoid accessing or discussing PHI that is not essential to the task at hand. This is also covered on the Minimum Necessary slide in the HIPAA Privacy module.
- Use disclaimers and encryption your electronic communications disclaimer should notify the recipient of the insecurity of email or facsimile, and to whom the recipient can report a misdirected message.
- Written informed consent when photos or patient information will be used for purposes other than Treatment, Payment, and Operations (TPO), a valid HIPAA authorization must be obtained from the patient or the patient's legally authorized representative. You should ask the patient for written informed consent to communicate with them electronically (e.g. text, unencrypted email, etc.).
- Determine staff internal/external use of personal social networking pages to avoid a potential breach of PHI or a breach of organization trade secrets, it is essential for all staff to understand the "do's and don'ts" of using and posting to personal social networking pages.
- Keep personal and business social networking separate this is essential for all healthcare professionals and providers. Allowing patients to connect on a personal social networking page could lead to a breach or other incidents.
- Determine staff use of personal mobile devices are staff allowed to use their personal mobile devices during working hours? If yes, what is allowed? What isn't allowed? We highly recommend a Bring Your Own Device (BYOD) Policy and Procedures (see Tip 9).
- Develop, implement and train staff on your BYOD policy In our HIPAA Security module, the Bring Your Own Device (BYOD) slide discusses the use of mobile devices, cell phones, smartphones, and tablets within the workplace.
- Patients' use of mobile devices not only do staff understand what is acceptable for mobile device usage, but patients also should not be exempt. For example, it is a good idea to let the patient know what you can or cannot answer with a text message.
If you have any questions, please feel free to reach us by phone toll-free at 855-427-0427 or send us an email firstname.lastname@example.org.