Companies in highly regulated industries such as financial services, pharmaceuticals, healthcare, and insurance don’t have a major presence on social media. Each of these industries has a different federal regulatory agency with its own rules, regulations and supervisory guidelines that companies must adhere to. Many regulated companies know that social media is important but are fearful of violating regulatory requirements. The social media compliance guidelines of the federal regulatory agencies are often vague and there is a large grey area. Companies are unfamiliar with the distinction of what is permissible on social media and what is not. Therefore, regulated companies tend to stray away from social media altogether. As we all know this is the exact opposite of what any company should do.
Heath Insurance Portability and Accountability Act – The HIPAA Privacy Rule addresses patient privacy and Protected Health Information without written authorization of the patient. There are no specific social media rules. However, the law applies to health-care providers and health plans, and their workforce. Anything found on social media inconsistent with HIPAA’s privacy and security regulations is subject to penalty.
Food and Drug Administration – The FDA took action to clarify social media concerns on how drug-makers are to interact with requests for off-label information through social media. The FDA guidelines encourage direct responses taking public comments into a private channel.
Securities and Exchange Commission – The SEC has addressed social media related to financial services, mainly registered investment advisers. The National Examination Risk Alert: Investment Adviser Use of Social Media recommends that social media users regularly monitor and review content in order to stay within “the federal securities laws, including, but not limited to, the antifraud provisions, compliance provisions, and record-keeping provisions.”
Financial Industry National Regulatory Authority – The FINRA published Regulatory Notice 10-06. It was composed of guidelines for blogs and social networking sites and specifying record-keeping responsibilities and supervision requirements. Regulatory Notice 11-39 dives deeper into regulations concerning archiving both one-way and two-way communications.
These agencies need to clarify how the current regulations put in place apply to social media. It will be interesting to see how these agencies respond as social media continues to flourish.
Tips for regulated companies implementing social media:
- Research regulatory requirements of industry and how they pertain to social media.
- Develop a strategy as well as policies and procedures on social media with the help of the legal and compliance department and the human resources department.
- Educate employees on social media use in the company.