Give the People What They Want: Authentic Interaction and Compliant Communication (Keynote Preview)
How do you reach out and touch someone (digitally, of course) and not run the risk of having the person you want to reach ignore you, or (metaphorically) slap your face or (still metaphorically here) call the cops?
You can be relevant or irrelevant, too open or not open enough. You can be affirming or you can be offensive. But you’re sitting at your keyboard or holding your smartphone, and your audience is in the ether. How do you know? How do you plan? How do you execute?
Do you plan for the mythical “reasonable person?” If not, how do you segment your audience? Who are the personas that your campaigns and other materials are trying to reach? What has to be redesigned and rewritten in order to work?
An example of one communication challenge
For example, information on a particular chronic disease needs to presented in a variety of ways in order to engage a variety of audiences. The mother of a child just diagnosed with diabetes is not looking for the same sort of information or communication as a thirtysomething person with diabetes – and thirtysomething persons with diabetes are not all the same: some have poorly-controlled diabetes with a poor understanding of what is needed to manage the condition more effectively, some are closed-loop quantified-self devotees, engaged patients par excellence.
Once you’ve figured out who it is you are trying to reach, you may have some terrific targeted messaging strategies and tactics ready to roll, but . . . you’re not home free yet.
The regulatory overlay
The second half of the social media planning puzzle is the regulatory overlay that is in some respects unique to healthcare. Yes, we all have privacy rights no matter what the context, but the stakes are higher in healthcare. And there are more interested parties peering over your shoulder, protecting those rights, and enforcing other rules, in various ways -- hoping you do everything right, and ready to pounce if you don’t. It’s not just about HIPAA. There’s a slew of three-letter agencies that have something to say about what you’re writing, filming and posting, and about how you interact with others online.
HIPAA, HHS, FTC, IRS and NLRB
Inadvertently sharing one data point too many about one or more patients could have serious ramifications, starting with a potential HIPAA violation, but also including exposure to investigations and sanctions courtesy of a bevy of other state and federal regulators.
HIPAA is enforced by HHS (the US Department of Health and Human Services’ Office of Civil Rights).
The Federal Trade Commission (FTC) has broad discretion to regulate “unfair and deceptive business practices.” This has led it to regulate health data privacy and security and impose sanctions in some cases that are more severe than penalties for HIPAA violations. The FTC may decide to get involved particularly if your breaches affect a large group of individuals (consider the potential improper sharing of information out of a private Facebook patient group).
Other “privacy police” include your state attorney general.
Other enforcers with strong opinions about the nature of online communications permitted and restricted by your institution could include the IRS (if you work for a tax-exempt organization), the NLRB (if your organization has employees), and more.
Err on the side of caution
Given the potential for straying into regulatory minefields, it’s best to err on the side of caution, and to rely on some policy guardrails that can properly deal with most situations.
Authenticity and compliance. Two lodestones, often seen as pulling us in opposite directions: How can I communicate authentically if I need to worry about compliance? The challenge of course, is integrating your approach to these two core principles in order to give people what they want. At the end of the day, while respecting the regulatory constraints in our industry, we need to truly understand and respect patient preferences if we want to be patient-centric.
Join me at the MCSMN Annual Conference December 11 and 12 in Scottsdale, Ariz.. I’ll be speaking on this topic and meeting with health care social media professionals to discuss the theoretical underpinnings and practical realities of authentic and compliant social communications.
DAVID HARLOW JD MPH has been a member of the MCSMN External Advisory Board since its inception. David is a health care lawyer and consultant with deep domain expertise in digital health, social media, privacy and security, and broader health care business, law and policy matters. He blogs at HealthBlawg. You should follow him on Twitter.