HIPAA compliance guidelines for social media usage

Social media can be a powerful tool for healthcare organizations to spread awareness. But in using social media, these organizations must adhere to specific Health Insurance Portability and Accountability Act (HIPAA) compliance standards. In this blog post, we will discuss guidelines for HIPAA compliance regarding the use of social media.

What social media actions violate HIPAA rules?

Posting patients’ protected health information (PHI) on social media without the patients’ permission or authority, even if it’s accidental, is a violation of HIPAA regulations. This includes actions like:

  • Sharing pictures with patient information visible in the background
  • Sharing any form of PHI (such as images or videos)
  • Posting any information that could identify an individual
  • Sharing gossip about a patient, even if the patient’s name is not mentioned

What are the consequences of violating HIPAA?

The healthcare industry should never treat HIPAA violations lightly. If an employee is found guilty of breaking a HIPAA rule, they could face fines between $100 and $1.8 million depending on the severity of the violation. They could also face a 10-year jail sentence, lawsuits, job termination, and revocation of their medical license.

How can healthcare organizations prevent violations?

There are simple ways to avoid HIPAA violations while using social media:

  • Don’t post stories about patients on social media. Even if a patient’s name is omitted, they could still be identified by their diagnosis or treatment.
  • Check the background of your photos before posting. This ensures that you don't violate policies prohibiting the posting of photos of a patient or their information, whether intentional or not.
  • Prohibit employees from offering medical advice on social media. It’s best to refrain from posting diagnoses or treatment plans on social media, even if a patient asks for medical advice.
  • Always get written permission. Sometimes, a patient’s story is too great not to share. Maybe they made an astonishing recovery or exhibited great strength in the face of adversity and you want to share their accomplishment. In cases like these, ask for written permission from the patient before posting their story or anything that pertains to them on social media.
  • Train employees on HIPAA security and HIPAA privacy procedures and policies. Make sure to cover topics such as workstation use, workstation security, and personal device usage for work. This ensures that employees comply with HIPAA rules and are protecting patient information, whether it be electronic, written, or oral.

By taking the steps outlined in this article, you can create a safe and confidential environment for all patients. Feel free to call us today if you need help in creating policies and procedures to ensure your staff’s compliance with HIPAA social media rules, or if you need help managing the IT and privacy of your healthcare organization.

Published with permission from TechAdvisory.org. Source.

