Social Lockdown

Using social media is a low-cost alternative to more traditional forms of advertising, and successful social media campaigns can help build strong bonds between businesses and their customers. However, medical aesthetic practices are particularly susceptible to certain types of social media violations that can attract the unwanted attention of the federal government. Here’s a quick guide that will help you better understand the possible pitfalls with social media and your medical spa.

Understanding HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is synonymous with the issue of patient privacy. Its Privacy Rule prohibits medical institutions from sharing protected health information, which it defines as anything that identifies a patient.

The government takes the issue of patient privacy very seriously. If medical institutions, including medical spas, are found to have violated HIPAA, they are subject to substantial fines—hundreds of thousands of dollars per violation, in some cases. And most states enforce even stricter patient privacy statutes, so it is imperative that medical institutions ensure that patient privacy is always observed.

It’s also important for medical aesthetic professionals to understand that medical spas are, in fact, medical institutions. Therefore, they are subject to the regulations that govern medical institutions, including HIPAA. Following the laws that govern more traditional healthcare outlets is the best way to reduce exposure to potentially crippling disciplinary action.

Privacy Laws

Despite the fact that medical spas are medical institutions, they exist in an unusual market. The services they offer are elective, so they must sell themselves in ways that traditional healthcare outlets typically do not. And there is plenty of competition for a customer’s attention, so marketing campaigns in this space need to be cost-efficient and effective. This is why many medical spas turn to social media to help promote their businesses. Unfortunately, it is easy for a medical spa to expose itself to patient privacy issues with even the best-intentioned social media activity. There are three major ways that medical spas tend to violate patient privacy laws on social media.

1. Publicly reaching out to a patient.

If you are connected with clients via a social media channel, you might think that reaching out to them after a visit to publicly thank them seems like a great way to build a relationship. Unfortunately, this may constitute a violation of state and federal laws, because, through this interaction, you’re revealing that client is your patient.

2. Publicly responding to a positive comment from a patient.

Let’s say that one of your patients posts a positive comment on your Facebook wall—something along the lines of, “Had a great Botox treatment here today!” Your natural inclination may be to post a polite response. However, this, too, can represent a breach of a patient’s privacy, because you’re stating that you provided said customer with treatment.

3. Responding to negative reviews.

Yelp is a service that allows its users to rate the experiences they have as customers. In the last quarter of 2014, Yelp claimed that more than 135 million unique visitors per month refer to its more than 71 million user-generated reviews—so make no mistake, it is immensely powerful. Unfortunately, there is a dark side to Yelp. It has user-content guidelines, but its enforcement is spotty, so not everyone plays nice. And negative reviews can have an impact on prospective customers. Even if an outlet has mostly four- and five-star reviews, readers often gravitate to the handful of one-star reviews in order to familiarize themselves with the worst-case scenarios.

Most businesses can deal with problematic Yelp reviews. They can engage the unhappy party publicly on the service and attempt to show other users that they’ve done nothing wrong. Medical spa professionals, however, cannot respond to these posts, because if they do, they may violate HIPAA and related state laws by identifying the user as a patient. It’s not fair to medical spa owners and operators. But even if a user posts something that is patently false, a medical spa cannot defend itself online. It can be enormously frustrating.

The best way for medical spas to combat bad Yelp reviews—the only way, really—is to encourage happy customers to post positive reviews. There are no guarantees with this strategy, as you’re essentially asking customers to work to promote your business for free, after all. But there is little else that can be done online without violating patient privacy laws.

Staff Savvy

Make sure that everyone involved in every social media campaign conducted by your medical spa—as few people as possible, ideally—understands that it is of paramount importance that patient privacy be respected in every interaction. Few medical spas can survive the penalties associated with these violations, so it is imperative that you do whatever is necessary to avoid them.