How to Stay HIPAA Compliant When Using Social Media for Healthcare

April 21, 2016
239 Views

doctor hipaa compliant on social media

doctor hipaa compliant on social media

Regulations surrounding the use of social media within the healthcare industry can cause physicians to think that it’s a waste of time, however some providers are beginning to realize that there are actually enormous gains to be made from engaging in social media. Here, we look at how to make the most of social media within medical practice internet marketing while still ensuring HIPAA compliancy.

Healthcare Social Media Perks

Research data repeatedly indicates that patient outcomes improve when they are involved and engaged in their own healthcare. Social media acts as the conduit that enables the patient-doctor relationship to extend beyond the traditional face-to-face consultations. When physicians actively engage on social media, they have an additional opportunity to connect with patients and impact their daily choices. And it’s not just the young, tech-savvy generations that can be reached on social media; one of the fastest growing demographics engaging in social media is the 55-65 year age group.

In addition, social media is an ideal platform to professionally connect with colleagues and industry peers. It is a great place to debate, express opinions, and share information and patient experiences. Often, these interactions contribute to improved health outcomes for patients. Blogging is also an effective marketing tool for doctors, as well as being a valuable source of information for patients who often consult blogs to learn more about a physician, procedure, medical practice, or hospital.

The diversity of social media platforms enables a new level of connection between the public, patients, and healthcare professionals.

However, while social media continues to grow in importance in medical practice internet marketing, the challenges associated for non-compliance with HIPAA rules and regulations continue to increase.

Staying HIPAA Compliant

The main compliance issue facing physicians is patient privacy. Physicians must be aware of both HIPAA and state laws with regards to the disclosure of patient’s protected health information (PHI) through social media. Even an inadvertent disclosure of PHI, including pictures, can result in fines and other penalties. To satisfactorily manage this, healthcare organizations must actively supervise the activities of any employees who have access to patient information and ensure that electronic medical records are complete, secure, and tamper-proof for record retention and audit purposes. Firms much also be prepared to capture, archive and have all electronic communications available on demand should a lawsuit require it.

Providing medical advice via social media should be treated with extreme caution due to licensing laws; if a patient is located in a state where the doctor is not licensed, the doctor risks liability under state licensing laws.

Yet in spite of the extensive regulations, social media is an important tool for physicians and healthcare organizations. It is fast becoming the main information source for patients and it is vital to actively engage and manage your brand’s reputation online.

Tips for HIPAA Compliant Social Media

Make sure you have the following in place before going full-steam ahead on social media:

  • Create a Social Media Working Group to discuss any concerns or issues. The group should include representative from various parts of the organization.
  • Ensure a thorough understanding of the patient privacy laws and how it pertains to your business.
  • Create an employee use policy for social media and clearly communicate it to all staff.
  • Educate and train staff on the use of social media, plus how not to use it with real life examples.
  • Create a content strategy with information that can easily be posted by staff to reduce the likelihood of breaches.
  • Develop processes with Legal and Compliance to approve content prior to being posted.
  • Monitor social media communications with technology controls that flag any words or phrases for review before posting.
  • Save and capture records that preserve the format of social communications, including edits and deletions.
  • Archive electronic records so that they can be found in accordance with federal and state recordkeeping rules.
  • Develop metrics to measure the effectiveness of social media programs.


This article was originally published on Medical Web Experts