Strategies for Remaining HIPAA Compliant While Using Social Media

As we’ve discussed in previous blogs, the role of social media in healthcare is rapidly evolving. It has changed from an optional marketing tool to a necessary channel used to engage with more patients and physicians. Yet, many healthcare organizations are still unclear on how to integrate social media into their marketing campaigns due to a fear of HIPAA regulations.

Social media has provided a more amplified platform for individuals and organizations to voice their thoughts and opinions. This, in turn, has led to an increase in HIPAA violations among healthcare organizations and their employees.

So the question becomes: How can healthcare organizations remain HIPAA compliant while utilizing social media?

First and Foremost, Know the HIPAA Regulations

Before venturing into the realm of social media, a healthcare organization’s marketing department needs to be aware of the HIPAA regulations surrounding social media. From policies on images and tweets to comments and videos, HIPAA has strict guidelines that need to be followed, such as comment moderation and page/post liking.

The basic point to keep in mind is that the same rules regarding patient privacy that apply to everything else you do in healthcare must also apply to social media activities.

Internal Social Media Policy

Along with knowing HIPAA regulations, healthcare organizations need to develop social media policies that are communicated to every employee. In recent events, companies have come under fire due to social media posts from employees.

To help prevent incidents such as staff sharing images or information about patients on their personal accounts, external and internal policies should be put in place that provide specific guidelines and limitations for employees who utilize social media. Once developed, healthcare organizations must distribute these policies to all employees as well as make them publicly available for all interested parties to view.

For the organization’s official social media accounts, the policies should also identify the admins authorized to post on behalf of the company. Admins should be fully aware of HIPAA regulations as well as be prepared to monitor and respond to comments from followers.

Develop Objectives

Similar to traditional marketing campaigns, healthcare organizations must define the objectives of using social media in order to fully capitalize on its potential. Is the idea to spark two-way conversations with followers or just have a one-way conversation providing followers with important information?

Developing these sorts of objectives helps identify the social media platform(s) an organization should utilize. If the goal is to educate followers, a blog would accomplish that objective best and establish one-way conversation. If the idea is to stimulate conversation around topics and increase engagement between provider and patient, Facebook or Twitter may be the best platform to use.

Knowing these objectives upfront allows healthcare organizations to develop and mold posts to follow HIPAA regulations.

Define What Success Looks Like

In addition to defining social media objectives, health systems also need to develop their own definition of success.

Whether success is based on the number of new followers obtained or the number of retweets each post receives, such metrics provide guidance in how an organization carries out its objectives.

Remember: Leave the Patient Out of It

HIPAA’s key point is to protect the patients and their privacy. Once a patient’s information is broadcast to the public without their written consent, HIPAA has been violated.

While some social posts blatantly violate HIPAA (e.g., sharing images of an injured patient), some posts may not seem like violations – but in reality they are.

A post as simple as “our nursing staff saved the life of a young man suffering from multiple wounds last night” violates HIPAA, as individuals could potentially figure out the patient mentioned from the details given.

A patient-provider relationship is built upon trust – and by disclosing personal information on a social platform accessed by millions of users, providers violate that trust.

Final Thoughts

Social media in healthcare can be very beneficial for patient engagement, but there are government limitations as to what can be shared and discussed. By developing a strategy, internal policy, and objective of the social media campaign, healthcare organizations can reap the benefits of social media while remaining HIPAA compliant.
