3 ways to comply with HIPAA on social media

By Aine Cryts

While stories abound of providers successfully managing their online reputations, physician practices must be careful--and even question whether they should engage with patients online, reports a recent CSO article. What has to be top of mind for providers is how your social media strategy meshes with your adherence to HIPAA regulations.

Thus, here are three tips to keep in mind to try to steer clear of HIPAA fines:

  • Keep PHI private. Patients' protected health information (PHI) has to be protected at all costs. That means no communicating about a particular patient's health status online, whether that's on Facebook or in an online review, according to the article. In particular, never share patient names in online forums and keep any advice posted publicly very basic. Ask patients who ask about their specific health conditions to call the practice or communicate with them via your patient portal.
  • Create and communicate your practice's social media policy. Document your practice's policy and communicate it among staff to help prove to the government that your practice took the required steps to avoid a HIPAA breach or violation--and that could mean lower fines.
  • Have a protocol to address negative reviews. The best approach is to thank the reviewer for taking the time to post a review and note that your practice is implementing steps to improve the patient experience. It also matters who fields negative comments and responds on behalf of your practice. Therefore, designate an appropriate marketing or legal resource to handle such comments from patients, or make it a policy to not respond at all, the article suggests. Alternatively, have physicians reach out privately to patients, FiercePracticeManagement recommended previously.

To learn more:
- read the article

Read more on