Are Your Social Media Sites HIPAA Compliant?

Oct 1


As you know, it’s imperative that your clinic comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This law states that all patient health information must remain private and secure.

If your clinic violates HIPAA regulations, you can be subject to fines. At least every six months, it’s a good idea to check the security of your clinic computers and chat with front office staff, therapy providers and other employees about keeping patient information private to maintain HIPAA compliance. This is why it’s also important to ensure that all employees are trained on HIPAA compliance and understand what it means. But did you know that you can also inadvertently violate these regulations on social media sites?

In today’s world, it’s not always enough to have a Website. It’s also a good idea to promote your clinic through social media sites such as Facebook, Twitter and LinkedIn, among others. While these sites are great for exposure, patient referrals and new business, they can also expose your business to potential HIPAA breaches if patient information is shared.

A Pew Research Center survey found that social media is a popular engagement tool. Facebook is the most commonly used, by 67 percent of survey participants, followed by Twitter at 16 percent and Instagram at 13 percent. Additionally, Facebook proved to be the most popular social media site with more than 6,000,000 views in April 2013.

Here are some ways to ensure that your physical, speech or occupational therapy clinic stays HIPAA compliant with social media:

Check the privacy settings
It’s a good idea to check the privacy settings on each social media site from time to time, as they change periodically. If a setting has changed, you want to be aware of it in case it affects how secure the information you’re posting is and whether you’re in violation of HIPAA. Make sure that only those in your social network can access the information on your page. You might also want to limit your social media exposure in Google searches.

Don’t share identifying information
“Using social media is like riding a hospital elevator,” Dr. Bradley Crotty, a fellow at the Harvard University combined program in general medicine at Beth Israel Deaconess Medical Center, told Medical Economics. “There’s no control over who hears the information you might share with another physician, or its context.”

Information travels quickly around the Internet once it’s posted, so you need to be extra careful with what you say. If therapists want to collaborate or discuss treatment, doing so via social media is not the ideal option.

“It’s best for patients and doctors not to collaborate on medical advice or treatment over social media platforms,” Crotty said. “This is an active area with much potential but also many concerns.”

Don’t discuss patients
It is best practice to never discuss any information pertaining to patients on social media, even if you’re speaking generally. It can be a challenge to make the data seem anonymous, and you might get tripped up in trying to do so. Therefore, it’s better to conduct these conversations in person or over secure encrypted electronic correspondence. Even if you don’t use names, the patient or your co-workers might be able to deduce whom you are discussing.

Keep your professional and personal lives separate
Many of the therapists and employees in your clinic will likely have their own private social media profiles, so it’s imperative that these are kept separate from the practice’s pages. Employees should not friend patients on their personal accounts, and practice social media sites should not be used for personal updates. Make sure that employees check whether they are on their own account or the clinic’s Facebook or Twitter account before publishing an update. These pages should always stay separate from one another. Additionally, you may want to implement office social media policies so that employees cannot be on their personal social media pages during work.

By following these helpful tips, you can help ensure that your clinic’s social media presence is in full compliance with HIPAA, and you won’t have to worry about facing violations and possible fines.


This article is brought to you by PREFERRED Therapy Providers Inc. PREFERRED is the nation’s leading payor management services network. Our expertise is working with physical, occupational and speech therapy practices – from single clinics to multiple clinic locations.