HIPAA Compliant Social Media

Are You Engaging in HIPAA Compliant Social Media?


Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.

Social media use can pose serious issues to HIPAA compliance if the information is not properly protected. Sharing photos and stories from one’s workday is commonplace on Facebook and Twitter but HIPAA compliant social media is a stranger to many professionals. In most industries, these posts are routine and harmless–no different than vacation photos or memories from years gone by. However, this increasing interconnectivity can lead to serious problems for health care and behavioral health professionals in today’s world if they include any Personal Health Information (PHI) of patients/clients. The question becomes: how can behavioral health professionals ensure that social media use is compliant with the stringent privacy and security requirements of HIPAA regulation? Below, we discuss some of the major concerns regarding medical information and HIPAA compliant social media.

What Can You Post in Social Media as a Behavioral Professional?

The rule to remember here is that posts should never contain information that can be linked back to individual patients or medical records. Protected health information (PHI) is any demographic information that can be used to identify one of your patients. This includes names, dates of birth, addresses, social security numbers, medical data, and financial information, among others. HIPAA regulation forbids the use of PHI in marketing or social media campaigns, and should be avoided in order to protect your patients’ privacy.

Here are some of the things you can post on social media:

  • Health tips that patients might find useful
  • Upcoming events patients might like to attend
  • New research or findings related to your field
  • Honors or awards your organization has been granted
  • Profiles or bios of your staff
  • Advertisements of your services as long as they DO NOT CONTAIN THE PROTECTED HEALTH INFORMATION of any of your patients (including names, photos, or any other personally identifiable information)

HIPAA compliant Social Media Policies & Procedures

The Department of Health and Human Services (HHS) has released extensive guidance on social media use. A number of policies and standards exist that outline exactly how behavioral health professionals can ensure that their practice or organization is HIPAA compliant. You must ensure that your organization has HIPAA policies and procedures corresponding to these HHS standards. One of the most important aspects of maintaining HIPAA compliance is being able to document that your organization is upholding the privacy and security requirements of the regulation. For more information, see HIPAA and Social Media: The HIPAA-Compliant Social Media Guide.

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

What are your thoughts about this article? Please comment below.

Notify of
Inline Feedbacks
View all comments