Tuesday, 12 March 2019 05:27

Dentists, Here’s your Social Media Primer

By Diane Evans

Publisher, MyHIPAA Guide


For a dentist, social media can be a great way to communicate valuable information. Conversely, it could be your worst nightmare if patient privacy is violated.


The challenge is in harnessing the benefits of social media without violating anyone’s privacy.   And that is best achieved through a Social Media Policy that encourages the sharing of information while always protecting privacy.


With a Social Media Policy, you as a dentist can set and enforce clear processes for what may be posted and by whom.    Here are some suggestions on what to include in your policy:


  • Allow social media postings only with proper authorization.
  • Prohibit the transmission of patient images via any electronic media.
  • Educate staff on appropriate social media activities.
  • Require explicit permissions from patients for even the slightest online reference linking an individual to your practice.
  • Prohibit staff from taking photos or videos of patients on personal devices.
  • Set restrictions on patients’ use of personal devices once they are in your clinical area.
  • Require prompt reporting of any infractions or potential breaches.

The objective is to create a culture of vigilance so that privacy protections become instinctive.  It’s about a mindset, rather than the mere motions of a regulatory requirement.

What’s at stake is the integrity of your practice.  Your patients trust you, and you of course want to uphold that trust.


Once you have a Social Media Policy in place, it’s helpful to have a collective understanding within your practice of how social media infractions commonly happen.    Here are the leading culprits:


  • Carelessness: This is the most common issue of all in breaches, and typically involves well-meaning intent. Here is an example from a federal case that led to a fine: A small practice included a patient testimonial on its website, but failed to get written permission to do so.


In situations such as this, a practice can expect to avoid fines if an underlying HIPAA compliance program is in place, and the breach occurred due to a violation of internal policy.


  • Personal vendetta: In some cases, an employee discovers embarrassing information about a patient, and then spreads that information via social media.  An example from an actual case, reported by ProPublica and resulting in a lawsuit and undisclosed settlement: A medical staff member discovered that her former friend had a sexually transmitted disease.  A post to Facebook followed, noting the former friend’s diagnosis and her full name.


A cautionary note to dentists:  Be extra careful with information with high gossip value.  For instance: If a local mayor gets a tooth knocked out in a fight, and then shows up at your office, take extra security precautions.


  • Laxity:  This is also a common cause of fines. In these cases, regulations under the Health Insurance Portability and Accountability Act (HIPAA) get relegated to low-priority status.  Privacy is not top-of-mind, and breaches become more likely.

If a complaint leads to a HIPAA audit, expect stiff fines for lack of an underlying HIPAA compliance program, which must include risk assessment, security policy implementation and management of Business Associates.


Dentists, for our plan to help you get compliant in three easy steps, go to https://www.myhipaaguide.com/3steps/






Last modified on Tuesday, 12 March 2019 05:34
