HIPAA Compliant Social Media

Are You Engaging in HIPAA Compliant Social Media?


March 10, 2017 | Reading Time: 2 Minutes

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

Social media use can pose serious issues to HIPAA compliance if the information is not properly protected. Sharing photos and stories from one’s workday is commonplace on Facebook and Twitter but HIPAA compliant social media is a stranger to many professionals. In most industries, these posts are routine and harmless–no different than vacation photos or memories from years gone by. However, this increasing interconnectivity can lead to serious problems for health care and behavioral health professionals in today’s world if they include any Personal Health Information (PHI) of patients/clients. The question becomes: how can behavioral health professionals ensure that social media use is compliant with the stringent privacy and security requirements of HIPAA regulation? Below, we discuss some of the major concerns regarding medical information and HIPAA compliant social media.

What Can You Post in Social Media as a Behavioral Professional?

The rule to remember here is that posts should never contain information that can be linked back to individual patients or medical records. Protected health information (PHI) is any demographic information that can be used to identify one of your patients. This includes names, dates of birth, addresses, social security numbers, medical data, and financial information, among others. HIPAA regulation forbids the use of PHI in marketing or social media campaigns, and should be avoided in order to protect your patients’ privacy.

Here are some of the things you can post on social media:

  • Health tips that patients might find useful
  • Upcoming events patients might like to attend
  • New research or findings related to your field
  • Honors or awards your organization has been granted
  • Profiles or bios of your staff
  • Advertisements of your services as long as they DO NOT CONTAIN THE PROTECTED HEALTH INFORMATION of any of your patients (including names, photos, or any other personally identifiable information)

HIPAA compliant Social Media Policies & Procedures

The Department of Health and Human Services (HHS) has released extensive guidance on social media use. A number of policies and standards exist that outline exactly how behavioral health professionals can ensure that their practice or organization is HIPAA compliant. You must ensure that your organization has HIPAA policies and procedures corresponding to these HHS standards. One of the most important aspects of maintaining HIPAA compliance is being able to document that your organization is upholding the privacy and security requirements of the regulation. For more information, see HIPAA and Social Media: The HIPAA-Compliant Social Media Guide.

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

HIPAA Compliant Social Media for Professionals

Tips and tricks for using social media to grow your practice without violating legal requirements.

HIPAA Compliant Cybersecurity for Professionals

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Was this article helpful?

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...