
HIPAA and Social Media: The HIPAA-Compliant Social Media Guide


March 22, 2021 | Reading Time: 3 Minutes


While social media has become common practice, HIPAA and social media are not necessarily associated in the eyes of many professionals. In most industries, regulating social media use isn’t a severe issue, but healthcare professionals must take extra precautions to prevent potential social media HIPAA violations.

Whether you have employees who post about their workday on Facebook or your practice uses social media for marketing purposes, professionals should be aware of potential HIPAA implications.

HIPAA Policies and Procedures

The Department of Health and Human Services (HHS) provides extensive guidance on HIPAA and social media use. A quick way to determine if you are engaging in HIPAA compliant social media is to go through the HHS Social Media Policies Checklist to see if you follow HHS standards.

Social Media Policies

The use of social media must follow current standards to prevent HIPAA violations. Improperly trained employees can expose your organization. A clear set of social media policies can help avoid common social media mistakes.

Endorsing Others on Social Media Can Be Problematic

Liking, following, or friending an entity may give off the wrong signal. It is advisable that you first evaluate what your action might convey to your audience or, more specifically, your caseload. For example, donating money to a favorite charity and then allowing the donation process to post a notice on Facebook can inform the population that you serve of your political persuasions, religious beliefs, or other personal issues. While this is not a problem for some types of therapists, it can be a problem for others. Any activity involving third parties should be carefully assessed because even tacit endorsement can easily be misinterpreted.

The HHS Social Media Policies Checklist suggests that organizations take the time to determine which entities are appropriate to follow/like. HHS guidance states that in many cases, a follow/like may convey the following:

  1. Following an entity may imply endorsing the entity as a whole
  2. Simply liking a post may imply only endorsing the posted content

However, how your audience interprets any of your actions on social media is purely subjective and varies from one person to another. Forethought and caution are advised.

Comment Moderation

According to HHS guidance, the submission of user-generated content or comments is recommended but should be moderated to remove: 

  • Partisan political views 
  • Commercial endorsements 
  • Racist, offensive, unlawful or discriminatory content or language
  • Communications of any type with clients or patients


Some applications and sites have specific guidelines for using trademarked images. Written permission from sites or other sources is required at all times. It also is important to note that some attorneys dedicate themselves to finding unwitting people who use the images commonly available through large search engines such as Google or Bing. These attorneys specialize in filing lawsuits against unauthorized users of publicly available images – and they can win their lawsuits in the United States. It is best for professionals who may give the appearance of having “deep pockets” to purchase all images used publicly, regardless of what one’s web manager says. Many web managers are unaware of the legal liabilities involved. In addition to such attorneys, many others file false claims. While they can be defeated because some states such as Illinois have passed laws to protect people from “copyright trolls”, such letters can be alarming. It is best to steer clear of them as much as possible.

Using Protected Health Information

Protected Health Information (PHI) is any information that can be used to identify an individual patient. This includes names, addresses, birth dates, and Social Security numbers, among other health-related information that can be traced back to an individual patient. Social media posts should never contain any PHI. HIPAA regulations forbid the use of PHI in marketing or social media campaigns as well.

What Can Health Care Professionals Post in Social Media?

Restrictions regarding HIPAA and social media are many for professionals. What is appropriate to post? Here are a few options:

  • Relevant news
  • Articles related to your area of focus
  • Health suggestions
  • Digital or local events of possible interest to your clients or patients
  • Professional achievements or awards you or your organization have earned
  • Advertisements that don’t contain any PHI
  • Posts about your staff, such as profiles or bios

For more HIPAA-related social media suggestions, see Telehealth.org’s Are You Engaging in HIPAA Compliant Social Media. For an update of general social media guidelines for regulators published by the American Association of State and Provincial Licensing Boards, see Social Media Guidelines Adopted by ASPPB.
