Social media use can create serious HIPAA compliance problems if patient information is not properly protected. Sharing photos and stories from one’s workday is commonplace on Facebook and Twitter, but HIPAA compliant social media is unfamiliar territory for many professionals. In most industries, these posts are routine and harmless, no different than vacation photos or memories from years gone by. However, this increasing interconnectivity can lead to serious problems for health care and behavioral health professionals if the posts include any Protected Health Information (PHI) of patients/clients. The question becomes: how can behavioral health professionals ensure that social media use is compliant with the stringent privacy and security requirements of HIPAA regulation? Below, we discuss some of the major concerns regarding medical information and HIPAA compliant social media.
What Can You Post in Social Media as a Behavioral Professional?
The rule to remember here is that posts should never contain information that can be linked back to individual patients or medical records. Protected health information (PHI) is any demographic information that can be used to identify one of your patients. This includes names, dates of birth, addresses, social security numbers, medical data, and financial information, among others. HIPAA regulation forbids the use of PHI in marketing or social media campaigns, and PHI should be kept out of them in order to protect your patients’ privacy.
Here are some of the things you can post on social media:
- Health tips that patients might find useful
- Upcoming events patients might like to attend
- New research or findings related to your field
- Honors or awards your organization has been granted
- Profiles or bios of your staff
- Advertisements of your services as long as they DO NOT CONTAIN THE PROTECTED HEALTH INFORMATION of any of your patients (including names, photos, or any other personally identifiable information)
HIPAA Compliant Social Media Policies & Procedures
The Department of Health and Human Services (HHS) has released extensive guidance on social media use. A number of policies and standards exist that outline exactly how behavioral health professionals can ensure that their practice or organization is HIPAA compliant. You must ensure that your organization has HIPAA policies and procedures corresponding to these HHS standards. One of the most important aspects of maintaining HIPAA compliance is being able to document that your organization is upholding the privacy and security requirements of the regulation. For more information, see HIPAA and Social Media: The HIPAA-Compliant Social Media Guide.