Social Media in Regulated Industries
Social media use in regulated industries such as Financial Services and Healthcare is beginning to take hold. The benefits are clear - market your products, communicate with customers and get a pulse on your brand image - but it's important to adopt such technologies while adhering industry regulations.
Many organizations have already learned the hard way, in the form of steep fines, when email and instant message records could not be produced if requested by regulators. Let's learn from the lessons of the past and apply them to the future.
Know Thy Regulations
It's critical that regulated organizations have a firm grasp on the regulations that apply to their industries. It's better to err on the side of caution, rather than make costly mistakes. Below are summaries of the rules as laid out by various regulatory bodies.
The securities industry has adopted social media, in addition to other e-communications technologies, slowly due to strict industry regulations. The Financial Industry Regulatory Authority (FINRA) has begun to provide instruction on how regulated firms can maintain regulatory compliance while using social media. Regulatory Notice 10-06 provides guidance on the use of blogs and social networking websites. Since the notice's publication, regulated organizations have raised additional questions regarding the application of the rules in question. As a follow-up, in 2011 FINRA released Regulatory Notice 11-39, which provides further clarification concerning the application of the rules to new technologies.
The Securities and Exchange Commission has recently released the first set of guidelines to assist registered investment advisers (RIAs) comply with antifraud and recordkeeping requirements. The National Examination Risk Alert: Investment Adviser Use of Social Media states, "Investment advisers that use or permit the use of social media by their representatives, solicitors and/or third parties should consider periodically evaluating the effectiveness of their compliance program as it relates to social media. Factors that might be considered include usage guidelines, content standards, sufficient monitoring, approval of content, training, etc. Particular attention should be paid to third party content (if permitted) and recordkeeping responsibilities."
While HIPAA has yet to release specific language conerning social media use, if one reads the HIPAA Privacy Rule, it's easy to see that the current rules apply to social media. In fact, employers that are “covered entities” under HIPAA face direct liability for the acts of any member of their workforce that are inconsistent with the data privacy and security regulations issued under HIPAA. “Covered entities” include most health-care providers and health plans, and their “workforce” includes “employees, volunteers, trainees, and other persons whose conduct, in the performance of work for [them], is under the[ir] direct control, whether or not [the workers] are paid by the covered entity.” All such workforce members are prohibited, with limited exceptions, from using or disclosing individually identifiable health information (“protected health information,” or PHI) without a written authorization from the individual to whom the PHI pertains, and any such authorization must contain very specific language to comply with HIPAA.
In 2011, many Pharmaceuticals organizations quickly shut down their social media profiles due to the Food and Drug Administration's eerie silence on the topic of social media usage. Otherwise known for authoring very strict rules around corporate communications, the FDA has been slow to act in this case. As a result many companies in the space have choosen to shelf their social media strategies for the near-term. Yet, at the end of last year, the FDA issued its first draft guidance for drugmakers on interacting with consumers via social applications. The guidelines recommend that such companies respond to public social commentary by providing a private and direct communications channel with consumers.
Regulated organizations should draft social media use policies that include methods for tracking and archiving all social-media content. Standards and protocols should be well documented and outlined so that employees don't question what is right and what is wrong- they should instinctively know what to do.
Social media is a fantastic tool for collaborating and communicating with your customers. Don't let social media success pass you by because of compliance concerns; research them, address them and learn to safely navigate the social media landscape to find success.