Respecting Patient Privacy in an Ever-Changing Social Media Landscape

Social media has become an integral part of the marketing mix for most hospitals and clinics today. It’s a dynamic medium offering a range of touchpoints that support two-way communication directly with target audiences. While engagement is an ideal metric of success, for healthcare organizations it comes with a challenge of balancing patient privacy and staying HIPAA compliant.

Have a project in
Mind? Work With Us
Let's Talk

For example, Facebook’s recent changes to their check-in feature allow visitors to post a picture to your facility’s page. While a patient or visitor can share that photo without violating HIPAA, they could inadvertently violate another patient’s privacy should someone be in the background and unaware that their photo is being taken or shared. Facebook’s new check-in feature does not require approval from the page administrator or provide the ability to disable this functionality, which is a concern.

Here are a few tips and considerations to ensure your Facebook and other social media channels are not compromising patient privacy:

If someone posts a photo to your organization’s Facebook page, don’t like or share it as the Facebook page administrator. While they have willingly shared their own information, taking action could be seen as confirming someone as a patient by HIPAA standards.

Any organizations using social channels for marketing should have a social media policy in place that includes guidelines and expectations for the social community manager, employees throughout the organization and fans or followers interacting with the account. As HIPAA rules change, be sure to review your social media policy to reflect updates and keep employees informed as well.

Similar to having a social media policy in place, healthcare organizations should also post signs in waiting rooms and other visible areas stating that taking photos in the building is prohibited. This serves as a notice to visitors, as well as a reminder for staff.

Incorporate social media scenarios into your employee HIPAA training. Hospital and clinical staffs go through HIPAA training and refresher courses regularly, which is an opportunity to provide tangible examples of how social media impacts patient privacy and ways to avoid both overt and inadvertent compliance issues.

This post was written by Lindsay Vidrine, Health Practice Lead

Work With Us

Freelancer & Vendor Application

Application for Freelancer and/or Vendor
  • Accepted file types: pdf.
    Allowed file types: PDF
  • This field is for validation purposes and should be left unchanged.

Contact Us

My name is

and I would like to discuss
new business

you can
me at
(xxx) xxx-xxxx
me at
For Careers information please go to Careers
For more information please go to Step Up Grant Program

Not into forms? Click here