A social media policy is an essential part of a healthcare organization’s compliance landscape.

It’s a set of requirements that your employees must follow while using the social web. If you’re like most practices within your industry, you’re trying to find new ways to increase your patient volume.

If you’ve done your research, you know that apps like Facebook, Instagram, Snapchat, and even TikTok helps not only get more people through your doors but also stay in communication with your current clients. But a social media policy isn’t solely for your company branded accounts, it reaches into your employee’s personal accounts as well.

How your employees conduct themselves on these apps reflects on your company’s reputation. This then impacts your revenue. But this type of policy ensures that your employees help boost your company’s reputation rather than tear it down.

Here are 10 key takeaways to keep in mind when creating a social media policy for healthcare.

• Consider Who the Policy is For

• Be Encouraging

• Keep It Simple and Understandable

• Include Industry and Legal Standards

• Define Restrictions During Work Hours

• Designate Team Members

• Restrict Topics and Define Processes

• Stay Professional Through Toxicity

• Separate Personal and Professional Life

• Include Update Notices

• Conclusion

When creating your social media policy, consider who it’s for. Establish an objective. This can help when brainstorming what you should add to it.

Here are a few types of employees to keep in mind while considering who your policy should effect.

First, 69% of U.S. adults use at least one social media site. That means it’s safe to say that the majority of your employees have personal profiles in some capacity. With that in mind, you may determine that it’s a good idea to create general guidelines that affect all of your employees.

They don’t have to be overly specific but including them may be enough to protect your patients and your organization in the event of an incident.

Second, you’ll need to address those individuals who control the company’s social media accounts. This is the most obvious group within your workforce you’ll need to keep in mind while drafting your requirements. Although it’s essential for this group, be sure not to over-restrict them as they have a job to do. They work within social applications every day. 

Third, employees who most often work with sensitive information should have specific requirements as well. The healthcare setting is full of sensitive health information. So data that hackers will go out of their way in some cases to target organizations like yours. So your policy must also include informational guidelines for people within this group to ensure your patients remain safe. 

You don’t want to discourage your employees from using social networks altogether. In fact, you legally can’t be that restrictive according to the National Labor Relations Board.

If your policy only includes what NOT to do, it will seem negative and pressuring. Your staff shouldn’t feel like they’re walking on eggshells when they come into work. If they do, they’ll end up looking for a new place of employment.

Instead, include a best practices section for using and presenting themselves. Encourage them to talk to management if they have questions or concerns. It’s better to ask questions about something they don’t understand rather than make a mistake. Establish a team member as the point of contact for all employee questions and concerns.

Your policy should encourage positive sharing. You don’t want your employees posting negativity since this would only hurt your reputation. If you encourage your employees to use these apps, they will be more likely to post positivity. 

Using language that’s easy to understand helps your staff understand your policy. But if you’re working with your lawyer, this may be harder than it seems. Avoid legalese whenever possible.

A policy that uses complicated, technical words will fail.

If your workforce can’t understand your policy, one of two scenarios will take place…

1. They’ll get overwhelmed by the verbiage and forget it ever existed

2. They’ll need clarification

Both of these are counterproductive. The first scenario puts your enter organization at risk. At any moment you could face a lawsuit or fine from a social media HIPAA violation. The second instance leads to your compliance team spending the majority of their time re-explaining your requirements.

Using simple, specific language will break down any barriers in understanding. Your staff won’t have to be anxiety-ridden while trying to post photos from their birthday celebration on the internet.

Not only does a social media policy protect your reputation, but it can support against legal ramifications.

I know what you’re thinking, “didn’t she just mention to avoid using overly complicated language?” You’re right, I did. But there are regulations within healthcare that employees need to comply with. As an example, the Health Insurance Portability and Accountability Act (HIPAA), restricts what’s permissible to post.

Be sure to reference these within your social media policy. This reiterates the importance of employee adherence outside of their time spent within the office. Not only should you mention these in your policy, but make sure your employees have adequate training on them as well. 

Not having proper training will lead to a violation. If they know what they can and can’t post, it can save them from violating both your policy and legal standards. 

If you have some patient testimonials laying around, your marketing team will want to share them to show off how great your organization is. But sharing information, stories, and photos of patients always requires authorized consent. Your team wouldn’t know that they need permission if it isn’t detailed within your social media policy.

When you walk around the office, you don’t want to see your employees constantly on their phones or taking selfies. This is especially true if there's patient work piling up. That’s understandable.

But they’re going to have breaks at some point. 

As a healthcare employer, this presents a risk, especially with so many photo sharing platforms. Imagine the blowback your organization would receive if a patient or their information ended up in the background of an image or video one of your employees shared on the internet.

This is why it’s so important to define any rules for using social apps at work. Some organizations include these within their employee handbook but to be safe, include these rules within your social media policy as well.

However, you don’t want to be overly restrictive. Breaks help your employees get away from the hustle of the workday for a little bit. In fact, 90% of employees who take regular lunch breaks are more productive.

While you’re drafting your these workplace rules, brainstorm some of them with a handful of different employees and gauge their reaction.

If you tell them you plan on banning phone usage while on your organization’s campus and receive push back, maybe designate a private area of the building where they can use their phone.

Make it clear who should represent your company on the social web. You can’t control if your employees post their opinions on their personal accounts. Instead, ask them to denote that their opinions are their own within their profile.

As an added bonus, ask that your employees also include their role within the company on their bio. That not only lets the public know that they’re an integral part of your team, it helps them establish credibility.

You’ll still want to give your brand a personality so that it’s easier to grow a following. But keep posts on your company accounts accurate and factual.

As a personal touch and to keep track of who’s responding to posts, have your team add their first initial to the end of responses on the organization’s account.

There are certain topics that companies should avoid on these different platforms since they’re sensitive to the masses.

You can’t 100% control what your employees post on their accounts, but your policy should detail topics to avoid. After all, your workforce is a representation of what your organization stands for.

As an example, don’t allow unqualified individuals to give medical advice over the social web. Many people go online to try to diagnose themselves, which presents an opportunity for you as a healthcare provider.

However, you don’t want your employees who aren’t unlicensed doctors to misrepresent your organization by giving out bad health tips. 

If someone reaches out on a social network about a health condition, ensure that your team knows to notify one of the doctors within the organization. In the meantime, have them respond to the message with a status update.

Once your team receives recommendations from the in-house doctors, they can respond with them. Detailing this response process requires its own section within your social media policy and maybe even some training. But once your team knows what to do in this scenario, it will do wonders for your word of mouth marketing. 

It’s important to recognize that not every interaction will be perfect with these platforms. What I mean by that is, toxic comments will eventually make their way into your feed.

People love to criticize posts, especially when they come from organizations.

That’s why it’s so important for your employees to stay professional while replying to critical posts. This will help your reputation because outsiders of the reply chain will see the positivity of your company. 

In other words, make sure your policy includes how to handle negative comments. 

In some cases, comments could include spam or off-topic ideas. Treat these comments and replies like you would a phishing attempt via email.

Include within your policy if employees have permission to delete them. Off-topic comments could confuse other visitors. Plus, it isn’t the type of traffic you want, so employees shouldn’t contribute to these. 

Encourage your employees to keep their personal and professional lives separate. While they may want to share opinions or stories from work, they need to remember to do so with caution. 

They shouldn’t share information that could hurt your company’s reputation, even if they think it won’t get out of their private accounts.

As the old saying goes...once it’s on the internet, it’s there forever. 

Some stories could also violate HIPAA or other legal regulations if it includes a patient. If they keep their personal and professional life separate, they don’t have to worry about these mistakes.

Additionally, your policy should include requirements for “friending” customers/patients. Employees may form close relationships with their patients. But being friends on social media can be a privacy concern, so your staff should steer clear of this. 

Policies aren’t a “set it and forget it” document. They’re a living document. In other words, as time goes on you may need to add or amend requirements within them.

So you’ll need to add a clause within your social media policy that your company has the right to update it at any time.

This way, if your company does make updates, employees can’t claim ignorance. Encourage them to review the policy regularly and when an update happens, notify your staff. 

Creating a social media policy is tedious, especially within healthcare. But it can save your company from thousands of dollars in fines.

If your employees know what’s permissible, it’s easier to avoid and address any misconduct. It also encourages communication for questions and clarification. 

Staff members will feel more confident that they’re adhering to company requirements. This encourages them to continue using social apps and while not feeling pressured while working for your organization.

If your organization doesn’t already have a social media policy, you can use these tips as a good starting point. Even if you have one, consider updating your policy to add them.

That way, you’ll be up-to-date with how to best use and manage these platforms within your healthcare organization.