What are the HIPAA Guidelines on Using Social Media?

ProPublica published a study in 2015 that presented HIPAA social media violations involving healthcare workers in 2015. If the problem is not dealt with, many more HIPAA violations will possibly take place through social media. Posting content such as the following on social media is among the prevalent violations of HIPAA rules:

  • Pictures and video clips of patients without written consent
  • Any detail that allows identification of an individual or patient
  • Pictures taken within a healthcare facility that enable patient identification or PHI disclosure
  • Chit-chat about patients
  • Text, pictures or videos posted in a private group

The Department of Health and Human Services’ Office for Civil Rights published information that discusses HIPAA social media rules that healthcare providers need to adhere to. These will help ensure that they utilize social media in compliance with HIPAA rules.

  • Healthcare institutions need to create social media policies that employees know and follow.
  • Employees ought to be given definite examples of allowable and non-allowable uses of PHI on social media so that they understand the policy better.
  • Healthcare institutions should make social media training a part of their employees’ training on HIPAA awareness. A refresher training course is likewise advisable every year.
  • Every person in the company ought to know that violating HIPAA rules via social media can be grounds for termination, loss of license and criminal charges.
  • Encourage healthcare employees to report any issue of potential HIPAA violations on social media.
  • All social media policies are subject to review and updates each year.
  • All social media platforms need approval by your compliance office prior to usage.
  • There ought to be a clear rule on separating personal and company social media accounts.
  • There should be policies and procedures describing the allowed marketing techniques on social media.
  • It is advisable to send any social media posts to your company’s legal or compliance department for approval before posting.
  • Organizations ought to keep track of their social media accounts and establish controls that will flag likely HIPAA violations.
  • Do not participate in any discourse on social media that exposes a patient’s PHI.
  • Keep a record of social media postings that your company can work with when editing and formatting social media messages.
  • Run a risk evaluation of your healthcare organization’s social media accounts.
  • Enable comment moderation on all your organization’s social media accounts.
  • Protect your organization’s social media accounts from unauthorized access and posting.