Social Media Policy

Purpose

This policy safeguards patient privacy, scientific integrity, the reputation of the organization, and legal compliance in all ISFA’s social media (ISFA SMS) activities.

 

Rules & Guidelines

1. Patient privacy (PII) — Strictly prohibited
a. Posting any personally identifiable information (PII) of patients is strictly prohibited. PII includes direct identifiers (e.g., name, face, voice) and indirect/unique identifiers that could reasonably lead to identification (e.g., tattoos, rare conditions, distinctive backgrounds, dates, locations, device IDs, and similar data).

b. Liking & Sharing Content
It must be ensured that the content is publicly visible or approved for sharing.
Content containing personally identifiable information (PII) of patients must not be shared without consent. Be aware that likes and shares from official accounts may be interpreted as organizational endorsement. Always follow the platform’s privacy rules and guidelines.
Approval must be obtained from the Account Owner or Compliance Reviewer if there is any doubt about the appropriateness of sharing.

2. Images and consent
If any individual (including non-patients) is identifiable in posted images/audio/video, written informed consent must be obtained before posting. If consent cannot be obtained, the images must be edited or withheld to ensure that the individual cannot be identified (e.g., by cropping, blurring). For minors, consent must be obtained from a parent or legal guardian. The headquarters shall retain consent records for at least 5 years.

3. Political and Religious content
Posts related to political or religious advocacy are generally prohibited. Posts that highlight widely celebrated cultural events—such as Lunar New Year (Spring Festival), Ramadan, Easter, Diwali, Halloween, Christmas, or traditional observances (e.g., New Year’s shrine visits in Japan or Bon Odori)—are permitted only when presented neutrally as cultural exchange (without proselytizing and advocacy).

4. Scientific Accuracy and Citation
Academic or scientific content may be posted only if based on publicly available publications or guidelines. Proper citation, including DOI or official URL, must be provided. Preprints must be clearly labeled as not peer reviewed.

5. Non-Guideline Practices
Posts promoting treatment methods or procedures that are not aligned with established clinical guidelines are strictly prohibited on official accounts. Educational descriptions of such topics are allowed only under Rule 17 (Off label/Investigational), provided they are clearly labeled and presented in a neutral tone.

6. Personal Accounts Disclosing Affiliation
When posting from a personal account while stating ISFA affiliation, a disclaimer must be included clarifying the views are those of the individual, not ISFA (see Appendix A for templates). This is required whenever affiliation is stated.

7. Commercial Promotion
Commercial promotion or advertising (e.g., endorsement of products, services, or specific companies) is prohibited on official accounts. Caution must be exercised when posting from personal accounts as well; any relevant conflicts must be disclosed.

8. Professional Tone
Language that could be perceived as offensive, derogatory, or disrespectful toward individuals or groups must not be used. All posts should maintain a professional and respectful tone even for humorous or satirical content.

9. No Individualized Clinical Direction
Posts must not encourage specific clinical decisions based solely on social media content (e.g., “this treatment works”). No individualized diagnosis or treatment advice should be given on social channels (see Rule 15).

10. Pre-Posting Checks
Before posting, all content must be verified to ensure it is free of misinformation, copyright violations, or confidential material. For official accounts, a two-person review rule (content writer + reviewer) must be applied. When in doubt, consultation with a supervisor, a compliance officer, or public relations representative is required.

11. Takedown/Modification Rights
The Secretariat or designated social media managers may remove or modify posts deemed inappropriate or non-compliant without prior notice, to protect the organizational integrity. When feasible, a brief notification will be sent to the author after the action, and a record of the action will be kept.

12. Scope & Roles
This policy applies to all official ISFA social media accounts and to personal accounts where an ISFA affiliation is stated. The Secretariat designates:
• Account Owners： ISFA Headquarters - access control & publishing
• Content Editors： drafting & fact checking
• Compliance Reviewers：final check and approval for policy/legal/privacy

• Responsibility： ISFA SMS Committee - approval of the general editorial direction and final decision in case of doubt or conflict.

A simple posting workflow is provided in Appendix B.

13. Data Protection & International Compliance
ISFA will comply with applicable data protection laws in every jurisdiction where it processes personal data, including but not limited to: GDPR (EU), HIPAA (U.S.; when ISFA acts as or partners with a covered entity or business associate handling PHI), APPI (Japan), and LGPD (Brazil). Where multiple regimes may apply, ISFA will apply the stricter standard where feasible.

The Secretariat maintains a register of lawful bases, consent records, cross border data considerations, and takedown requests, and executes removals via the Rule 11 process upon valid legal or privacy requests. See Appendix C for named references and official sources.

14. Informed Consent Standards
Use organization-approved consent forms that specify platforms, territories, and duration. For event photography, obtain group or speaker consent according to the venue policy; clearly display “Photo Policy” signage where applicable.

15. No Personal Medical Advice & Handling Health Inquiries
Do not provide personalized medical advice, diagnosis, or treatment recommendations. Use standardized language to direct individuals to their own healthcare providers (see Appendix A). Escalate critical safety messages (e.g., self-harm) per crisis protocol (Rule 24).

16. Embargoes & Conflicts of Interest (COI)
Respect journal and conference embargoes and confidentiality. Disclose COI when posting about studies, products, sponsors, or your own research/relationships.

17. Off-Label / Investigational Content
Educational discussion of investigational or off-label use must be clearly labeled; include citations; avoid prescriptive statements and avoid portraying efficacy/safety as established. Refer readers to current guidelines and product labeling.

18. Event Coverage: Photos, Quotes, Slides
Follow venue and speaker policies. Do not post slides or recordings marked “no photo/recording.” Obtain speaker consent for direct quotes, attribute accurately.

19. AI Generated Content
AI-generated text or images must be human-reviewed for accuracy and bias and labeled appropriately (e.g., “AI generated; not a real patient”). Do not fabricate data, quotes, or realistic images of patients.

20. Accessibility
Provide alternative text for images, add captions/subtitles for videos when feasible, and supply transcripts for text-heavy graphics to ensure accessibility.

21. Account Security
Use official emails, strong passwords, and multi-factor authentication. Limit admin roles, review access quarterly, and use only approved third-party tools and link shorteners.

22. Language and Translation Quality
Maintain a professional tone across languages. Ensure meaning-equivalent translations. Avoid unreviewed machine translation. Maintain an official glossary for key terms. Regional Representatives may translate postings when doing so helps to promote apheresis within their own regions.

23. Community Management & Moderation
Moderate comments to remove spam, harassment, discriminatory content, misinformation, and personal health requests. Document takedowns with timestamp, URL, and rationale.

24. Crisis & Incident Response
In legal, reputational, or safety incidents: pause scheduled posts; escalate to the Secretariat and President; consider a holding statement; maintain an incident log and post-mortem.

25. Records & Retention
Archive official posts, edits, approvals, and consent/takedown logs for 5 years per the organizational records policy.

26. Metrics & Review Cadence
Quarterly review of performance (reach, engagement), compliance incidents, and audience feedback. The results shall be reported to the Board. Update this policy as needed.

27. Enforcement
Possible actions include content removal, access suspension, mandatory training, and referral to governance bodies. Provide an internal channel for reporting concerns.

Appendix A (Disclaimers Templates) -Standard and Simplified

• No medical advice: “Information shared here is for general education only and is not a substitute for professional medical advice. If you have health questions, please consult your healthcare provider.”
• Views my own: “The views expressed are my own and do not necessarily reflect those of ISFA.”
• Off-label/Investigational: “This post discusses investigational/off label use for educational purposes and is not an endorsement. Please refer to current clinical guidelines and product labeling.”
• AI generated image: “Image generated with AI; not depicting real persons or patients.”
• Simplified version: General info only, not medical advice. Views are my own. Educational discussion only. AI images not real people

Appendix B — Posting Workflow (Official Accounts)

Draft (Content Writer) → Fact check & Citation check → Compliance Review (Reviewer) →Posting (Account Owner) → Publish (Account Owner)

Emergency: Post freeze → Escalate to Secretariat/President → Prepare holding statement → log the incident.

Appendix C — Named legal references (non exhaustive)

Purpose of this appendix: This appendix lists the primary data protection laws referenced in Rule 13 and elsewhere in the policy, and should be consulted for authoritative definitions and scope.

•           GDPR — EU General Data Protection Regulation.

• HIPAA — U.S. Health Insurance Portability and Accountability Act (Privacy & security Rules; PHI).

•           APPI — Japan’s Act on the Protection of Personal Information.

•        LGPD — Brazil’s Lei Geral de Proteção de Dados Pessoais.

(Consult official sources for current versions.)