1. All content posted on official department social media accounts must be reviewed and approved prior to publication.
 

i. Privacy Officer has reviewed both the content that references client PHI/PII and a valid Authorization for Use and Disclosure of Protected Health Information is signed by the client and specifying the content to be posted and on which social media channels (DMH-602)

ii. Only the Public Information Officer or designee may post content on DMH social media accounts.

iii. The MH602 must include the following information (HIPAA §164.508):

B. Workforce members must ensure all privacy practices and safeguards are adhered to when posting PHI/PII and that it is reviewed and approved. Workforce members shall:
 

1. Verify that content does not contain PHI/PII or confidential organizational information.
 

3. Ensure content is professional, appropriate, and non-discriminatory and aligns with the Department's Code of Conduct.

4. Submit all proposed social media content, including signed authorization to the Supervisor/Program Manager for review and approval. The Supervisor/Program Manager forwards approved content to the Public Information Office for posting to DMH social media accounts.

5. Do not post DMH-related content to personal or program-level social media accounts, including the Public Information Office (PIO) social media account and, the Director of DMH's official account (if applicable).

6. Retain documentation verifying posting approval to include: