Guidelines on The Use of Social Media to Avert HIPAA Violations

ProPublica published a research in 2015 that revealed the involvement of healthcare employees in HIPAA social media violations in 2015. If not resolved, there will probably be a lot more incidents of HIPAA violation happening using the social media. Making the following posts on social media are the typical HIPAA violations committed by way of social media:

  • Posts of photos and videos of patients without getting a written permission
  • Chit chat concerning the patients
  • Any facts that identifies patients
  • Posts of pictures taken within a healthcare center that identifies patients or discloses PHI
  • Posts of text, picture or video in a private chat group

The Department of Health and Human Services’ Office for Civil Rights developed a guide that discusses HIPAA social media rules that healthcare providers could observe. These will help ensure that social media is used in compliance with HIPAA rules.

  • Healthcare companies need to create particular social media policies and be sure that personnel know about it and comply.
  • Healthcare companies should implement social media training for employees. A refresher training course is likewise advisable yearly.
  • Employees should understand tangible examples of both acceptable and unacceptable applications of PHI in social media.
  • All people in a company need to understand that violations of HIPAA using social media could lead to termination of employment, criminal charges and revoking of license.
  • Submit all social media websites for approval by your compliance department first before using.
  • Social media policies should be assessed and kept up to date each year.
  • Policies and procedures should detail permitted marketing tactics on social media.
  • Personal and corporate social media accounts ought to be separate.
  • It is advisable to get social media posts approval from the legal or compliance department first before posting.
  • Companies need to keep track of their social media accounts and establish controls that can flag possible HIPAA violations.
  • Maintain a record of social media posts which your company can utilize for the social media messages.
  • Never participate in any conversation on social media that exposes patient’s PHI.
  • Motivate personnel to report any issues arising from HIPAA violations on social media.
  • Perform a risk evaluation of your company’s social media accounts.
  • Protect access to your company’s social media accounts to avoid unauthorized posts.
  • Activate comment moderation on the company’s social media accounts.
About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at