Social Media Policies for Personal (i.e. Non-UCSF Hosted) Accounts
UC San Francisco encourages and promotes community involvement in all online communications. The practices provided below aim to allow for meaningful conversation and ongoing community participation by our personnel, while ensuring that institutional and personal views are appropriately represented.
Respect confidentiality. Refrain from speculation on the future of UCSF and its practices. Keep topics focused on matters of public record when speaking about UCSF. Do not disclose confidential or private, non-public information.
If you have any questions about what information is considered proprietary, you should consult with the Office of Technology Management (353-4462) or the Office of Legal Affairs (476-5003).
Do not post photos, videos or information about others without their consent, including students, colleagues, patients, friends, family, etc.
You speak for yourself, but your actions reflect those of UCSF. Unless you have been authorized by the Office of Communications, you should not speak on behalf of UCSF. Do not portray yourself as a spokesperson, or even an unofficial spokesperson, on issues relating to UCSF.
Personal social media accounts may not use “UCSF” in the name and may not use the UCSF logo or branding. When engaging in such personal activities, you may not use your University title in any way that would imply that you are speaking for the University.
All blogs, social media sites, etc. that are not sponsored and approved by UCSF chairs, deans and/or administrators should carry a variation of the following disclaimer if the participant plans to use their UCSF title or affiliation on the site:
“The participant is ______ [a faculty member, staff or student] at UCSF. However, the views and opinions expressed herein do not necessarily state or reflect those of The Regents of the University of California, UCSF, UCSF Medical Center, or any entities or units thereof.”
“All comments here are made in my individual capacity and not on behalf of UCSF, and are not reviewed or approved by UCSF.”
Live by the law. Do not post content that violates any federal or state laws and regulations. Obtain permission to use or reproduce copyrighted content.
As a state entity, UCSF is subject to laws regarding political speech. The University may not endorse/oppose (or contribute to) political candidates, nor may University resources (including University-paid time or equipment) be used for campaign purposes in connection with ballot propositions.
The University does not restrict any member of our community – student, academic appointee, staff employee – from exercising his or her right to engage in personal political activity. However, no member of the University community may use University facilities or resources (including time on the job) for political purposes, except as specifically permitted by University regulations. In addition, care should be taken to avoid creating any misperception of University endorsement of a particular political position.
You are free in your private individual capacity to endorse any political candidate or either side of a ballot initiative, but you must avoid any improper inference of University endorsement of a particular position. Specifically, a University employee may use his or her University title for identification purposes only, and should include a disclaimer of University endorsement if the context might reasonably cause confusion as to whether a political endorsement is made in an official or unofficial capacity. To avoid creating such a misperception, many of those endorsing in political campaigns simply list themselves by name and location – for example, Dr. John Smith, Sacramento.
Again, the limitations discussed here in no way constitute prohibitions on the right to express political views by any individual in the University community. Members of the University community are encouraged to participate in the political process, including supporting candidates and taking positions on ballot measures using their personal resources on their own time.
Additional Best Practices for Health Care Providers
Understand the Health Insurance Portability and Accountability Act (HIPAA) and California’s Confidentiality of Medical Information Act (CMIA). Sharing patient-specific information on social media platforms is a violation of federal and state privacy laws, and can have a devastating effect on you as an individual and UCSF.
Violations under the HIPAA Privacy Rule may incur penalties (which can result in fines of $100,000-$1,500,000 to the organization or the individual), and/or criminal penalties (which can result in fines from $50,000 to $250,000 and up to 1-10 years in prison)1. Violations of CMIA may result in fines of up to $250,000, in addition to criminal penalties. Other consequences of violating HIPAA and/or CMIA may include lawsuits, the loss of a professional health license (medical, nursing, pharmacy, etc.) or employee discipline, leading up to termination.
Common examples of social media HIPAA and CMIA violations include:2
Posting verbal “gossip” about a patient to unauthorized individuals, even if the name is not disclosed.
Sharing of photographs, videos or any form of Protected Health Information without written consent from a patient.
Soliciting health-related information, such as asking what type of medication someone is taking.
Sharing of seemingly innocent comments or pictures, such as a photo from a workplace lunch that happens to have visible patient information in someone’s hands, in the background, etc.
Private or closed groups or private and direct messages on social media channels are not secure forms of communication, and should not be used for communication with or about patients.
Act as if you were at work. Health care providers must maintain appropriate boundaries of the patient-physician relationship in accordance with professional ethical guidelines, just as they would in any other context. Private or direct messages on social channels are not HIPAA- or CMIA-approved avenues for communicating with patients about private health-related information.
Perception is reality. Health care providers must recognize that actions online and content posted may negatively affect their reputations among patients and colleagues, may have consequences for their medical careers (particularly for health care professionals in training and medical students), and can undermine public trust in the medical profession.
The Internet is a public (and permanent) space. In most cases, everything you post online will be seen by a public audience, and deleting things is not a reliable way to remove them from the public record. Expect that your posts and comments on other’s posts can and may be viewed by leadership, patients, prospective patients and the media. Assume everyone is reading your words or seeing your photos, no matter how obscure or secure the site to which you are posting may seem. Remember that anyone can take a screenshot of your activities and distribute them beyond their intended audience.
Please be aware that you may be invoking a spotlight with your post. Make sure you are expressing views that you’d feel comfortable discussing or defending publicly.
Be honest about who you are. If the conversation relates to UCSF, you should identify yourself as working for UCSF. Social media is all about transparency, and your affiliation with UCSF is public information. Don’t hide your identity or affiliations. It’s safer to assume that everyone will make that connection eventually. It’s better to disclose your affiliation rather than be “discovered”.
Conversations and commenting must be in conducted in compliance with HIPAA, CMIA and all other privacy laws and policies.
Be respectful. Avoid posting material that is profane, libelous, obscene, threatening, abusive, harassing, hateful, defamatory or embarrassing to another person or entity.
As a general rule, if you wouldn’t say your comment in a public setting, then you should avoid publishing it on social media. If there is any doubt at all about a certain post, picture or comment then check with your compliance officer or even a colleague before publishing.
Social media posts are part of the public record, and comments made from personal accounts may be grounds for discipline if they are found to violate employee codes of conduct, especially if they place the university at legal risk. Examples may include harassing a coworker or violating HIPAA and/or CMIA.
Think it through. Identify the purpose of your social media channel, to whom you intend to reach (audience), the types of content you intend to share, and the overarching image you wish to convey, especially if you plan to use social media for professional development. Your strategy should help make decisions about the content you create, the tone you take, how often you publish, the types of subjects you cover, what you do not post, etc.
Listen. Before engaging in online platforms, become an observer. Listen to the conversations, view the content and see what people are talking about.
Many online forums have their own codes of conduct and rules of engagement. Becoming familiar with them shows respect for the practices of the forum and could help you engage more effectively with new communities.
Add value to the discussion. Social media at its best is an exchange of helpful or interesting information through a two-way conversation. Positioning yourself as a source of interesting, helpful, and informative material is a great way to start developing relationships with other members of the community. Ask and answer questions, comment on others’ posts, and thank people when they comment positively on your content.
Avoid arguments. Avoid posting materials or comments that may be seen as offensive, demeaning, inappropriate, threatening or abusive. Respectfully withdraw from discussions that go off topic or become profane.