Klara Morgan, Sep 09, 2022
By Amber Turner, Feb 11, 2021
Social media, especially Facebook, can be a useful resource for practice advertising, professional networking, and patient engagement; however, many practices struggle with how to ensure HIPAA compliance in the social media age.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was passed well before the era of social media. Ergo, there are no laws or amendments that contain any explicit rules regarding social media usage. However, many of the existing laws and regulations have details that certainly apply to conduct within social media channels.
For those that aren’t familiar with HIPAA, the legislation “assures that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well being.”
Healthcare practices take HIPAA seriously, and it is sometimes the reason some doctors or healthcare professionals shy away from healthcare social media marketing.
Employees who aren’t properly trained on HIPAA and social media can potentially expose your organization to costly HIPAA violation fines.
However, there are numerous benefits of marketing your practice on Facebook and infinite content you can share on Facebook while remaining safely HIPAA compliant.
We understand the risk your practice takes when misuse of social media leads to HIPAA compliance issues, so read our helpful HIPAA Facebook guidelines to avoid any mistakes that can lead to HIPAA penalties.
We will also recommend content ideas you can use to succeed on the world’s largest social media platform while staying HIPAA compliant.
HIPAA was enacted several years before social media networks such as Facebook were launched, so there are no specific HIPAA social media rules; however, there are HIPAA laws and standards that apply to social media use by healthcare organizations and their employees.
Protected health information (PHI) “relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual” that is:
HIPAA regulation forbids the use of PHI in marketing or social media campaigns, so this should be avoided at all costs to protect your patients’ privacy.
These are the 18 HIPAA identifiers that make health information individually identifiable, and therefore protected health information (PHI):
You can view an overview of all the HIPAA laws on HHS.gov here.
What happens if you break HIPAA rules will depend on the severity of the violation. The actions of employers, professional boards, federal regulators, and the Department of Justice will depend on several factors:
Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general.
The four categories used for the penalty structure are as follows:
Each category of violation carries a separate HIPAA penalty. It is up to OCR to determine a financial penalty within the appropriate range.
View an overview of large-scale HIPAA fines listed by year provided by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) here.
As on other social media platforms, the most common HIPAA breach on Facebook is sharing PHI. One example is when a nurse from Texas Children’s Hospital posted details about a young measles patient in a Facebook group. The hospital launched an investigation, which resulted in her firing.
The HIPAA Privacy Rule places restrictions on the allowable uses and disclosures of protected health information.
However, as this incident shows, the patient does not need to be mentioned by name for them to potentially be identified. If any personally identifiable protected health information is posted on social media without consent first being obtained from the patient, it constitutes a violation of the HIPAA Privacy Rule.
Most HIPAA violations are accidental. Maybe PHI was in the background unknowingly. In some cases, employees don’t realize that what they’re posting is a HIPAA violation.
The first rule of using social media in healthcare is to never disclose protected health information on social media channels. The second rule is to NEVER disclose protected health information on social media.
Avoid posting any patient information, stories, and conditions even if the name is left out.
Also, never post photos of patients or their medical documents. That includes any photos where PHI might be visible in the background.
One of the most effective ways to protect your practice against HIPAA violations is to have policies and procedures in place to address each of the HIPAA regulatory standards.
These policies and procedures should be unique to the needs of your practice, which is why that dusty and often forgotten HIPAA policy binder in the corner of your office often isn’t enough.
Share this checklist below with the employee or marketing team managing your practice’s Facebook page.
Here are some additional precautions to take in terms of social media posting:
With the proper precautions being taken, there are still many ways to use Facebook to benefit your healthcare organization.
In general, social media can be used to attract new clients to your medical practice or to educate current patients on a topic or piece of news. With roughly 2.8 billion monthly active users as of the fourth quarter of 2020, Facebook is the biggest and, in our opinion, the best social media platform on which to market your practice.
Below, we list some of the things you can post on social media:
For more great ideas and Facebook marketing support, check out other Koda Digital blogs written by our expert social media managers:
Healthcare practices shouldn’t abandon social media marketing for fear of accruing HIPAA violation penalties from their social media posts.
Instead, there are ways to use healthcare social media marketing successfully while protecting the privacy of your patients on social media. Find the best way for your practice to begin a healthcare social media strategy that fits your needs and helps your business.
By standardizing the way that marketing and social media efforts are maintained, you ensure that no sensitive health information will be improperly disclosed on the web.
It is imperative to keep patient health information protected, with secure and effective digital marketing.
When it comes to HIPAA compliance, it is better to be safe than sorry. That being said, there are lots of ways healthcare providers can stay on the cutting edge of marketing and leverage their digital footprint to attract new patients while remaining HIPAA compliant.
If you don’t have the time or the resources to handle effective online HIPAA-compliant management, you can always invest in training your employees or turn the work over to someone who does it for a living and has a proven track record with digital medical marketing.
At Koda Digital, helping our clients grow and keeping them HIPAA compliant is more than just our business; it’s our passion.
Instead of waiting for patients to come to you, let’s go to them. From patient reviews and social media to SEO and website, we handle the entire digital experience so you can focus on what you want to focus on.
2021 is already here, so don’t wait too long. Do reach out.