How to Stay HIPAA Compliant When Using Social Media for Healthcare

Despite regulations surrounding the use of social media within the healthcare industry, there are enormous gains to be made from utilizing social media, from increasing patient engagement to acquiring new patients. Here, we look at why the role of social media is growing in healthcare, and how to make the most of this channel within healthcare internet marketing while still ensuring HIPAA compliance.

Healthcare Social Media Perks

Research data repeatedly indicate that patient outcomes improve when patients are involved and engaged in their own healthcare. Social media acts as the conduit that enables the patient-doctor relationship to extend beyond the traditional face-to-face consultations. When physicians actively engage on social media, they have an additional opportunity to connect with patients and impact their daily choices.

Meanwhile, blogging is both an effective marketing tool for doctors and a valuable source of information for patients looking to learn more about your healthcare organization or seeking health tips for specific conditions. And it’s not just the young, tech-savvy generations that can be reached on social media; one of the fastest growing demographics engaging in social media is the 55-65 year age group.

In addition, social media is an ideal platform for connecting professionally with colleagues and industry peers. It is a great place to debate, express opinions, share information and experiences, and build referral networks.

The diversity of social media platforms and post types – including simple text, article shares, images, and videos – enables a new level of connection between the public, patients, and healthcare professionals. However, while social media continues to grow in importance in healthcare marketing, the challenges associated with non-compliance with HIPAA rules and regulations continue to increase.

Social Media HIPAA Compliance Concerns

To ensure HIPAA compliance on social media, it’s important to keep several key issues in mind.

Protected Health Information (PHI): The main compliance issue facing physicians is patient privacy. Physicians must be aware of both HIPAA and state laws with regard to the disclosure of patients’ PHI through social media. Even an inadvertent disclosure of PHI, including visual elements like photos or videos, can result in fines and other penalties. To satisfactorily manage this, healthcare organizations should provide HIPAA training to social media managers and conduct compliance checks. Healthcare organizations must also be prepared to present all electronic communications on demand, should an audit or lawsuit require it.

Medical Advice: Providing medical advice via social media should be treated with extreme caution due to licensing laws. If a patient is located in a state where the doctor is not licensed, the doctor risks liability under state licensing laws.

Yet in spite of the extensive regulations, social media is an important tool for physicians and healthcare organizations. It is fast becoming the main information source for patients, and it is vital to actively managing your health delivery network’s reputation online.

Tips for HIPAA Compliant Social Media

We recommend you have the following in place before going full-steam ahead on social media:

  • Create a Social Media Working Group to discuss any potential concerns about implementing a social media strategy. The group should include representatives from various parts of the organization.
  • Ensure a thorough understanding of the HIPAA patient privacy regulations and how they pertain to your healthcare organization’s social media accounts.
  • Create an employee use policy for social media and clearly communicate it to all staff.
  • Educate and train staff on the use of social media – plus how not to use it – with real-life examples.
  • Create a realistic content strategy that specifies both the frequency and types of social media posts to reduce the likelihood of breaches.
  • Develop a process with the Legal and Compliance departments to approve content prior to being posted.
  • Monitor social media communications with technology controls that flag any words or phrases that may indicate HIPAA non-compliance, so that they can be reviewed before posting.
  • Capture and save records that preserve the format of social communications, including edits and deletions.
  • Archive electronic records so that they can be found, in accordance with federal and state recordkeeping rules.
  • Develop metrics to measure the effectiveness of social media programs.

Editor’s Note: This post was originally published in April 2016, and has been updated with links to recent sources and to incorporate new trends in social media, such as the growing use of video marketing.

Gretchen Kalthoff is a writer and marketing specialist for MWE. She is an expert in healthcare marketing and health IT with a special interest in increasing patient engagement through social media and healthcare technologies.