
If your doctor’s office is active on social media, please follow the guidelines below.

HIPAA Social Media Guidelines

Listed below are some basic HIPAA social media guidelines to follow in your organization, with links to further information to help ensure compliance with HIPAA rules.

  • Develop clear policies covering social media use and ensure all employees are aware of how HIPAA relates to social media platforms 
  • Train all staff on acceptable social media use as part of HIPAA training and conduct refresher training sessions annually 
  • Provide examples to staff on what is acceptable – and what is not – to improve understanding 
  • Communicate the possible penalties for social media HIPAA violations – termination, loss of license, and criminal penalties 
  • Ensure all new uses of social media sites are approved by your compliance department 
  • Review and update your policies on social media annually 
  • Develop policies and procedures on use of social media for marketing, including standardizing how marketing takes place on social media accounts 
  • Develop a policy that requires personal and corporate accounts to be totally separated 
  • Create a policy that requires all social media posts to be approved by your legal or compliance department prior to posting 
  • Monitor your organization’s social media accounts and communications and implement controls that can flag potential HIPAA violations 
  • Maintain a record of social media posts using your organization’s official accounts that preserves posts, edits, and the format of social media messages 
  • Do not enter into social media discussions with patients who have disclosed PHI on social media
  • Encourage staff to report any potential HIPAA violations 
  • Ensure social media accounts are included in your organization’s risk assessments 
  • Ensure appropriate access controls are in place to prevent unauthorized use of corporate social media accounts 
  • Moderate all comments on social media platforms

The Department of Health and Human Services’ Office for Civil Rights has issued guidance on HIPAA social media regulations, detailing the specific aspects of HIPAA that apply to social media networks.
