Following HIPAA Guidelines Within The Realm of Social Media

July 12, 2018

Are HIPAA guidelines the same for social media as they are for my website?

When it comes to your medical practice’s website, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) may already be on your mind. But did you know that your online presence extends much further than your medical website?

HIPAA requirements mandate that a practice does everything in its power to prevent electronic patient health information from getting into the wrong hands. And while social media may feel less restrictive, HIPAA guidelines still apply. It may seem obvious what information you can and cannot share on social media, but some information might not be as obvious. Here are a few things protected by HIPAA that you should avoid posting unless you're ready to get a hefty fine.

What kind of content is prohibited on social media under HIPAA guidelines?

Any information that could possibly reveal a patient’s identity.

HIPAA prohibits doctors from posting any information that could potentially divulge the identity of a patient. Information protected under the HIPAA guidelines include a patient’s address, date of birth, contact information, and even their name, age, and information regarding what vehicle they drive. Also forbidden is any information pertaining to a patient's stay at a medical facility. This includes information from their medical file or their date of admission into the facility.

A link to a patient website or social media account.

If your practice posts a blog about a specific case study that you then want to share with your followers on social media, you may feel inclined to tag the patient from the case study in the post. Even if a patient gives you permission to write about their case for the study, you still cannot link the post to the any of the patient's personal websites or online accounts.

Photos of any kind without written consent from a patient.

Under the HIPAA guidelines, without appropriate and legal permissions, posting a photo of a patient's face on social media is prohibited. But what about a photo of a patient’s hand, back, foot, or other less-identifiable areas of the body? Under HIPAA guidelines, these are also not allowed unless you have the patient fill out a formal consent form. If your practice requires patient photography for any reason, you absolutely must gain authorized consent from the patient.

Does your social media presence follow the HIPAA guidelines?

Contact our specialists at docero today to receive a free evaluation of your practice's digital presence. Our content writers can help build your brand while staying within HIPAA guidelines.

Get a Free marketing assessment