Your Guide to HIPAA Compliance and Social Media


Posted on: in [ Best Practices, Compliance, Therapy Business ]

The use of social media isn’t even a question anymore; it’s ingrained in the way most people live their lives. As the role of social media grows within the healthcare arena, it’s important to make use of it, but how do you ensure you’re HIPAA compliant when doing so? Here are 10 tips for social media compliance.

  1. Don’t Mention Patient Names: Revealing a patient’s name in a Facebook post is considered identifying protected health information (PHI). Discuss cases and not patients.
  2. Be Careful With Your Photos: Make sure your photos are free of PHI, including patient names or files. If you plan on featuring a patient in a photo you will need written consent from the patient.
  3. Create an Office-wide Social Media Policy: Having a written policy that clearly explains the expectations and regulations can help prevent violations.
  4. Select Someone Familiar with HIPAA to Be in Charge: Select a team member who knows and understands how HIPAA can impact social media. Allow them to review content before posting it.
  5. Monitor Your Channels: To help monitor social activity, find a program that monitors comments and interactions so they can be reviewed before going live. You can also flag certain words so that comments containing them do not become public to your followers.
  6. Develop a Strategy: Establish a strategy that determines what content will look like for your practice or clinic. This can help deter the posting of content that may be called into question.
  7. Create Canned Responses to Comments: Having approved, expertly crafted responses not only saves you time but also ensures anything you say is compliant.
  8. Apply Policies and HIPAA Regulation to Private Accounts: Your Social Media Policy should state that HIPAA extends to personal accounts and that PHI should never be disclosed on any profile.
  9. Never Friend Patients: Along with not posting about patients on social platforms, it’s important to not friend them on Facebook or other platforms as well.
  10. Take a Look at What Health and Human Services Has to Say: To learn more and gather a better understanding of HIPAA and how it applies to social media, visit the HHS website.

How is your practice or clinic using social media while staying in compliance? Leave your comment below!