Facebook Messenger and Your Medical Clinic’s HIPAA Compliance

One of the hardest asks we can make of millennials is a phone call. Folks who study this generation have theorized that phone calls take too much time and aren’t as efficient as a text or direct message. Whatever the reason, millennials now make up 50% of the workforce, are making their own medical appointments, and are the parents of many clinics’ youngest patients. When we ask them to call a medical clinic for an appointment or test results, we’re likely met with a groan.

Facebook Messenger, along with many other messaging apps, is the go-to communication tool for millennials as well as many Gen Xers. But is it HIPAA compliant?

We can’t advise you on HIPAA compliance, but we can point to some resources which all say Facebook Messenger isn’t compliant. The main reasons boil down to a lack of a Business Associate Agreement (BAA) and inappropriate audit and access controls.

Still, many patients will send a message through the clinic’s Facebook page because it’s easier than picking up the phone. Often, they receive a message in reply much faster. Unfortunately, this communication could ultimately cost a clinic in HIPAA violations.

The easiest way to avoid having patients contact your page via Facebook Messenger is to disable access to Messenger from your page. Facebook makes the process simple. Click Settings at the top right of your Facebook page, then in General Settings toggle the switch for Messenger.

If you can’t communicate with your patients via Facebook Messenger, how do you provide a communication tool that’s native to your techy younger patients?

Lucky for all of us, many tools exist to fill the void. To choose the right tool for you, first ensure that it specifically says it’s HIPAA compliant, offers appropriate audit and access controls, and agrees to sign a BAA.

You don’t have to stick with one tool. Many patient portals offer messaging options and the capability of sharing test results in a HIPAA-compliant manner. Encourage all your patients to sign up for the portal and offer new patients a way to sign up. Consider offering a secure method of appointment requests from your website. This might be an encrypted form or a third party that makes appointments directly from your website.

Technology increases access to medical providers, information and updates. We can use these advances to benefit patients while protecting their information. Use social media to share the ways your patients can reach out without having to call, but make sure they understand Facebook Messenger isn’t their best option when contacting your clinic.