Social Media Sample Template
Policy Name: Social Media Guidelines
Effective Date:
Departments Affected: Workforce
Purpose: This policy provides employees of [organization]
with the requirements for participation in social media. The
policy establishes conditions and limitations related to the use
of social media by staff.
Scope: This policy applies to all [organization]’s employees,
contractors, medical staff, volunteers, and workforce members.
Policy: Social media may be used by [organization]
employees and workforce members, in the course of their job responsibilities, for business-related purposes subject to the restrictions set forth in this policy. These restrictions are intended to
ensure compliance with legal and regulatory restrictions and
privacy and confidentiality laws and agreements. Social media
includes items such as blogs, podcasts, discussion forums,
and social networks.
Definitions
Blog: Short for “Web log,” a site that allows an individual or
group of individuals to share a running log of events and personal insights with online audiences.
Electronic media: noncomputing devices (floppy diskettes,
flash memory drives, CDs, DVDs, tapes, hard disks, internal
memory, and any other interchangeable, reusable, and/or portable electronic storage media) ( 1) on which electronic information is stored or ( 2) which are used to move data among
computing systems/devices.
Protected health information (PHI): individually identifiable
information (oral, written or electronic) including, but not limited to, information about a patient’s physical or mental health,
the receipt of healthcare, or payment for that care; patient records; name, address, Social Security number, account number and others. Individually identifiable health information in
[organization] employment records is not PHI; however, it may
be subject to other state and federal privacy protections.
Social media: variety of formats that include, but are not
limited to, blogs, podcasts, discussion forums, wikis, videos,
and social networks like Facebook, LinkedIn, and MySpace.
Responsibilities: This policy applies to employees and workforce members using social media while at work. It also applies to the use of social media when away from work, when
the employee’s [organization] affiliation is identified, known, or
presumed. It does not apply to content that is nonhealthcare-related or is otherwise unrelated to [organization].
Using social media. Employees are expected to adhere to
all existing [organization] rules and policies when using or participating in social media. All the rules that apply to other [or-
ganization] communications apply here, specifically: respecting employees, patients, customers, and one another; protecting confidentiality, privacy, and security of patient identifiable
information, PHI, employee identifiable information, and
[organization] information; and safeguarding and proper use of
[organization] assets.
Be respectful. Employees may not post any material that is
obscene, defamatory, profane, libelous, threatening, harassing, abusive, hateful, or embarrassing to another person when
posting to [organization] hosted sites.
Abide by the law and respect copyright laws. Employees
may not post content or conduct any activity that fails to conform to any and all applicable state and federal laws. For both
[organization] and its employees’ protection, it is critical that all
employees abide by the copyright laws by ensuring that they
have permission to use or reproduce any copyrighted text,
photos, graphics, video, or other material owned by others.
Obtain pre-approval before setting up [organization]-
hosted sited. Employees must seek approval from the privacy, information technology, and marketing/public relations
departments before setting up a [organization]-hosted blog or
other social media site.
Proprietary information. Employees may not disclose any
confidential or proprietary information of or about
[organization], its affiliates, vendors, or suppliers, including but not
limited to business and financial information, represent that
they are communicating the views of [organization], or do anything that might reasonably create the impression that they
are communicating on behalf of or as a representative of
[organization].
Patient confidentiality. Employees may not disclose any
patient identifiable information of any kind on any social media
without the express written permission of the patient. Even if
an individual is not identified by name within the information
you consider to use or disclose, if there is a reasonable basis
to believe that the person could still be identified from that
information, then its use or disclosure could constitute a violation of the Health Insurance Portability and Accountability Act
(HIPAA) and [organization] confidentiality policy.
Employee confidentiality. Employees may not disclose any
personal information obtained through records or documents
viewed or obtained though the normal course of business at
the [organization].
Self-hosted sites. Employees must not say or suggest that
the views and opinions they express related to [organization]
and healthcare topics represent the official views of
[organization].
[Additional responsibilities for other individuals or depart-ments]
Violations: [Add organizational policy]
