April 6, 2018  | Updated: May 13, 2020

Category: HIPAA Compliance

Almost everyone today uses social media for a variety of reasons. More and more consumers are getting information about health and wellness through social media platforms. In a study conducted by Search Engine Watch, more than 33 percent of consumers reported using social media to find health information. Out of that 33%, 90% said that they would trust medical information shared by others in their social network.

Despite this, many doctors are still reluctant to use social media for professional purposes, citing liability issues. Staying in compliance with HIPAA while using social media is a big concern for most medical professionals. It only takes one careless social media post to reveal sensitive patient information. Although patient privacy is always a valid concern, you can use social media in a way that won’t violate HIPAA. And when used correctly, it can be a robust tool for your practice. Here are some tips to help your medical practice use social media in a way that protects your patients’ privacy.

Make Sure That You Understand HIPAA

Before establishing social media pages for your practice, you must ensure that you have a thorough understanding of HIPAA regulations and how they apply to social media. Also, it is best to choose one or two people to put in charge of your social media accounts. The fewer people who post, the better. Choose staff members who understand HIPAA policies.

Don’t Post About Your Cases

Even if you don’t directly name the patient, it can be a privacy violation if you post information about your cases. For example, a nurse who treated a patient at a Michigan hospital for gunshot wounds posted about it on Facebook. She didn’t directly name him, but people were quickly able to identify who she was talking about given the patient had shot a police officer. His name and information about the shooting had been all over the media. The nurse was fired days later as she had violated the patient’s privacy. The nurse thought she was safe because she left the patient’s name out, but she was wrong.

Avoid any and all information that can be used to identify a patient. In healthcare and HIPAA terms, all patient information is considered PHI. PHI stands for “Protected Health Information” and pertains to any demographic information that can be used to describe a patient.


Ask Yourself “Is This Something I Would Share With the World?”

Nothing is ever truly private on social media. Even if you share something with a small group of people, one of those people could quickly take a screenshot of the post and share it with the world. Deleting or removing the post does not guarantee that people won’t make it public first. So don’t post something that you would not share with the world.

Don’t Publicly Post About a Patient’s Condition

Even if a patient writes on your social media page that they are a patient at your practice, you should not acknowledge the provider/patient relationship unless you have written permission from the patient to do so.

For instance, if a patient writes about how happy they are with your practice for helping them lose weight, commenting that the patient “has done a great job of taking care of her diabetes” would be a violation of HIPAA. You are still bound by privacy laws, even if the patient posts every little detail of their treatment on their wall. We suggest that you change the privacy settings on your social accounts so that you must approve every post before it appears on your public page.

Here are some of the things that you can post on social media without having to worry about a violation:

• Health Tips

• Upcoming local events that your patients may want to attend 

• New research about your field of work

• Profiles/bios of your staff or new staff 

• Discounts or promotions on the services that you provide


Maintain a Professional Distance

Even though social media is a more casual way of communicating, it is essential to use it professionally. Don’t use your personal social media page for professional reasons. Make a separate business page for your practice, and don’t connect with patients on your private accounts.

Keeping the above tips in mind will allow you to use social media in a way that benefits your practice and keeps your patients’ private information safe and secure.