WHITE PAPER: Social Media for Regulated Industries
www.socialvolt.com
Executive Overview

SOCIAL MEDIA REGULATION

Most companies have accepted the fact that by now they ought to be engaging in social media activities in one form or another. Those who are late to the party, however, are often from highly-regulated industries such as financial services, pharmaceuticals or healthcare. Despite the promise of genuine, real-time communications with customers that could greatly benefit marketing and public relations efforts, social media can present quite a challenge with regard to regulatory compliance.

For example, brokerage firms dealing with Financial Industry Regulatory Authority (FINRA) regulations need to be concerned about whether responses their employees provide to customers in social media communities adhere to suitability and investment product recommendation rules. Likewise, pharmaceutical companies engaging in social media must ensure that any conversations about a product, whether they are on Facebook or Twitter, feature the FDA-required safety information. Healthcare companies must be cognizant of Health Insurance Portability and Accountability Act (HIPAA) laws and must not disclose patient information online. And any public company needs to be on top of every tweet to monitor whether it complies with the Securities and Exchange Commission’s (SEC) public disclosure requirements.

Heavily regulated companies need to arm themselves with the proper tools and information to engage in social media in an intelligent, compliant way – without completely stifling the creative, genuine nature of the medium. This can be a difficult balance to strike, but it can definitely be achieved.

This whitepaper will discuss the various regulations and risks that certain industries must keep in mind, and offer guidelines on how to develop a compliant corporate social media strategy.
SOCIAL MEDIA AND THE FINANCIAL SERVICES INDUSTRY

A deluge of regulatory requirements has slowed the financial services industry’s adoption of social media. According to a recent survey conducted by Accenture [1], 60 percent of retail banks still consider themselves social media novices. And a recent research report by Celent [2] adds that when it “comes to acquiring and retaining clients, social media channels are on their way to becoming as important as traditional media channels for wealth managers.”

Clearly, the industry is starting to realize that social media can reap positive benefits for firms, from building relationships with current and prospective clients to finding new business. However, the financial services industry is forced to comply with strict industry regulations, especially from FINRA, the SEC and, for UK companies, the FSA.

[1] Accenture, “Social Banking: The Social Networking Imperative for Retail Banks”
[2] Celent, “Social Media in Wealth Management,” January 18, 2012
Understanding the Guidelines: FINRA

One of the industry’s largest regulatory authorities, FINRA, now provides comprehensive guidance for how regulated banks can maintain compliance while engaging in social media activity – Regulatory Notice 10-06 and Regulatory Notice 11-39. Regulatory Notice 10-06 details the recordkeeping, suitability, supervision and content requirements for such communications, while Regulatory Notice 11-39 explains the ins and outs of social networking site usage and communication. Together, these provide the framework for how to maintain compliance while engaging in social media.

Here are five main areas in which FINRA provides guidance for social media [3]:

1. Recordkeeping: All social media activities must be kept to comply with record retention guidelines. This means that firms cannot delete, and must archive, social media activities.
2. Suitability Responsibilities: Social media communications that include recommendations of any type must follow NASD Rule 2310. This means that firms cannot make promises through social media that they could not make via traditional communication methods.
3. Types of Interactive Electronic Forums: Static social media content requires principal approval; interactive social media content does not. This means that any social media content that is real-time communication does not require principal approval, while static content on social media, including profiles and advertising, does require the approval of the firm’s registered principal.
4. Supervision of Social Media Sites: Firms are required to supervise interactive communication on social media and adopt policies to stay in compliance. This means that firms are responsible for making sure any social media communications made through their accounts, no matter which employee posts them, remain in compliance with FINRA guidelines.
5. Third-Party Posts: Social media posts from third parties are not considered communications from a firm, unless the firm has endorsed or is involved in the preparation of the content. This means that firms are not responsible for what others say or claim about their products and services, unless they actively involve themselves with the third-party content.

[3] Guidelines sourced from FINRA Regulatory Notice 10-06 and FINRA Regulatory Notice 11-39
Understanding the Guidelines: FSA

The Financial Services Authority (FSA) is the regulator of the U.K. financial services industry. In 2010, it issued guidelines [7] for using new media for financial promotion, which it defines as: “a communication that is an invitation or an inducement to engage in investment activity.” Per the FSA, social media communications (both promotional in nature and otherwise) must comply with standard communications rules found in the FSA Handbook [8], including sections COBS 4, BCOBS 2, ICOBS 2 and MCOB 3. A brief summary of those rules follows: all communications

More can be read about the specific guidelines for investment, insurance and mortgage firms in the FSA’s “Stand-Alone Compliance” document [9]. Not meant to discourage social media use, the FSA’s guidelines are just another step in the financial services world to ensure that firms are using the medium appropriately and legally to minimize risk and potential litigious side effects.

[7] FSA, “Financial Promotions Industry Update: Financial Promotions Using New Media”, June 2010
[8] The FSA Handbook
[9] FSA, “Financial Promotions Industry Update: Stand-alone Compliance,” Sept. 2009
SOCIAL MEDIA AND THE PHARMACEUTICAL INDUSTRY

The pharmaceutical industry has long been reluctant to engage in social media activities, and strict FDA regulations have made pharmaceutical marketers notoriously risk averse. In fact, the Federal Drug Administration’s (FDA) strict communications rules and contrasting silence on social media parameters led to an abrupt shutdown of many pharmaceutical Facebook pages when the site eliminated the option to shut off public comments in August 2011.

In January, the FDA finally issued draft guidance for pharmaceutical companies on how they should interact with consumers on social media. Though the guidelines represent an opportunity for pharmaceutical companies to appropriately engage in social media, many still have concerns. For example, pharmaceutical companies want to know the extent to which they might be held liable for information posted on social media sites by outside parties (i.e., false claims about drugs, adverse effects).

Despite the fact that social media use is still in its infancy within the pharmaceutical industry – and will be until the FDA issues clear guidelines – the industry is starting to realize that social media engagement can reap positive benefits for the business, from building relationships with consumers to conducting activities that drive sales. Some big brands are already testing the social media waters with positive results.
Understanding the Guidelines: FDA

The FDA recently issued its first draft guidance [10] for pharmaceutical companies on how they should respond to unsolicited requests for drug information. Section VI in the draft guidance, entitled “Responding to Public Unsolicited Requests for Off-Label Information, Including Those Encountered through Emerging Electronic Media by Drug or Medical Device Firms,” specifically addresses social media interactions.

Following are the specific recommendations, taken directly from the draft guidance:

1. If a firm chooses to respond to public unsolicited requests for off-label information, the firm should respond only when the request pertains specifically to its own named product (and is not solely about a competitor’s product).
2. A firm’s public response to public unsolicited requests for off-label information about its named product should be limited to providing the firm’s contact information and should not include any off-label information.
3. Representatives who provide public responses to unsolicited requests for off-label information should clearly disclose their involvement with a particular firm.
4. Public responses to public unsolicited requests for off-label information described in numbers 2 and 3 should not be promotional in nature or tone.

Per the FDA, “If a firm responds to public unsolicited requests for off-label information, including those encountered through emerging electronic media, in the manner described above, FDA does not intend to use such responses as evidence of the firm’s intent that its product be used for an unapproved or uncleared use. Such responses also would not be expected to comply with the disclosure requirements related to promotional labeling and advertising.”

Though not by any means a comprehensive guide for how pharmaceutical companies should engage in social media, it is certainly a start.

[10] Food and Drug Administration, “Responding to Unsolicited Requests for Off-Label Information About Prescription Drugs and Medical Devices,” December 30, 2011
SOCIAL MEDIA AND THE HEALTHCARE INDUSTRY

Some hospitals have avoided leveraging social media platforms like Twitter and Facebook due to fears over HIPAA. But, with patients frequently turning online to research – and in some cases even diagnose – illnesses, social media can certainly be an effective tool to help find reliable healthcare information.

So, with HIPAA prohibiting the distribution of patient information by both healthcare systems and their employees, is it possible for doctors to engage with patients safely online? The answer is yes, and already more than 1,200 U.S. hospitals are currently engaging patients through social media [11].

[11] Food and Drug Administration, “Responding to Unsolicited Requests for Off-Label Information About Prescription Drugs and Medical Devices,” December 30, 2011
Understanding the Regulations: HIPAA

According to HIPAA, a patient has control of his or her own protected health information and no one can release that information without the patient’s consent. The exception is that a patient’s information can be shared internally, from a hospital to a physician (and vice versa) and to payment companies for insurance purposes. Though HIPAA does not specifically address social media in its documentation, the same rules apply regarding patient privacy.

After a few well-publicized cases about physicians divulging patient information online, Dave Ekrem, social media manager for MassGeneral Hospital for Children, provided a few suggestions for how physicians can remain HIPAA-compliant when using social media, including “The Elevator Rule.” He states: “This is a famous test, probably repeated by compliance departments and trainers at hospitals all over the U.S. If you wouldn’t say it in the elevator, don’t put it online. You can try speaking your post out loud before hitting the enter key. Take particular care when replying to people in real-time venues like Twitter. You don’t have to respond right away and if you have any doubt at all, ask a friend or colleague for their reaction before you post.”

Kevin Pho, an internal medicine physician who sits on the board of USA Today, reminds doctors that separating personal and professional content on Facebook is critical: “I embrace the ‘dual-citizenship’ approach, recently discussed in an Annals of Internal Medicine perspective piece. With Facebook in particular, limit your personal profile to friends and family. These are people who can follow your personal, day-to-day happenings, pictures and video. Patients should not be allowed access to this personal profile. Most importantly, go to your privacy settings and ensure what you share is exposed to your personal circle only. Then, set up a separate Facebook page that serves as your public persona that patients can view. This page needs to be HIPAA-compliant and professionally self-aware.”

By keeping guidelines like these in mind, healthcare organizations and their employees can participate in social media while staying out of professional danger.

12 KevinMD.com, “7 Tips to Avoid HIPAA Violations in Social Media,” June 7, 2011
13 KevinMD.com, “How Doctors Can Use Facebook Responsibly,” April 2011
Practice Compliant Social Media: BEST PRACTICES

Even the most regulated industries can successfully participate in social media if they adhere to internal policies and regulatory guidelines by building security and control into their social media programs.

Document a clear, concise corporate social media policy and communicate it to employees. Include it in new hire documentation and training. Make sure it includes both corporate and regulatory guidelines, and clearly define what is allowed, what is prohibited, and what the ramifications are if an employee does not adhere to the policy. Ensure that external audiences are just as aware of the policy as employees by posting it on Facebook pages, blogs and websites.

Any company facing regulatory controls could also face an audit at any moment. A social media policy should account for this reality by implementing technology that archives all content in a way that could quickly and adequately help prepare for an audit. For example, systems that automatically delete or remove social media content are not permitted under FINRA guidelines and should be prohibited in your policy.

Implement a process for review of all authored content. Everyone has heard the horror stories of employees who have posted inappropriate content and the resulting consequences. Making sure all content is reviewed by a compliance officer or other manager will help maintain compliance. It is also prudent to make sure the policy leverages a method to limit the number of employees granted admin rights to social media accounts.

When Appropriate: It’s important to continually monitor the various social sites. Check Facebook posts and Tweets on an ongoing basis and remove inappropriate posts or comments, or implement a social media management system that will do this automatically based on the constraints you define.

Whether it’s a doctor/patient conversation or a financial adviser/client conversation, take it offline if complying with regulations is a concern. Meet in person or discuss over the phone instead of in a public, internet forum.

Employee education and training is the best way to uphold policies, meet regulatory requirements and mitigate risk. Regularly educate employees about current social media policies, new programs or networks, and best practices. Hold regular “lunch and learn” events and launch a social media certification program that grants graduates new levels of privileges in social communities.

By making sure a complete and thorough social media policy and system is in place, heavily regulated industries can start to recognize the value of social media immediately without living in fear of violating federal regulations.