Breaking Compliance News Blog

Do you have a HIPAA authorization for that social media post?

Posted by Margaret Scavotto, JD, CHC on 2/16/21 10:00 AM

Find me on:

hipaa auth snip

The pandemic has changed a lot for healthcare providers – including their social media use.

Most providers we talk to say they have increased their use of social media during COVID-19. Some providers are turning to social media to disseminate information about COVID-19 precautions, and, now, vaccine availability. We also see many providers using social media to keep the public informed, and to keep people connected during visitor restrictions. Many nursing homes are posting resident pictures and videos on Facebook or TikTok to give their loved ones a glimpse into life inside a nursing home during a lockdown. These strategies have led to creative – and often charming – social media campaigns.

For example:

I truly enjoy these posts, and I appreciate the clever social media campaigns and the connection they bring during a challenging time.

BUT – All of these social media uses bring risks. If you decide to embark on a new social media campaign, make sure you keep HIPAA at the forefront.

When protected health information is shared inappropriately, the Privacy Rule can be violated – which means you will be conducting a potential breach investigation. There are also security risks inherent in social media use. And, when the wrong information is shared, it can go viral and make headlines very quickly.

Remember: Obtain a signed HIPAA authorization from the patient BEFORE taking the picture or making that post.

What you can do:

Continue to look for creative ways to use technology to keep people engaged during the pandemic – but also keep HIPAA at the forefront of your expanded technology uses:

  • Do not post any patient-specific information to social media without first obtaining a HIPAA authorization. This includes patients in the background.
  • If you have not already done so, implement a social media policy that specifically addresses HIPAA.
  • Prior to using a new social media application, evaluate the risks with your HIPAA Security Risk Analysis process and mitigate any risks.
  • Maintain close communications between your HIPAA Privacy and Security Officer, and your marketing or public relations personnel. All marketing and PR communications and programs should be vetted for potential HIPAA risks.
  • Regularly review your organization’s social media activity to ensure it is HIPAA compliant.
  • Train staff about appropriate social media uses during COVID-19 – the HIPAA stakes are higher during a pandemic.
  • Get a HIPAA authorization before taking a picture or posting about a patient.

f.hubspotusercontent00.nethubfs378557HIPAA NAB       shopify social media tool kit

Margaret signature 2021-1


Topics: HIPAA, Social Media, security, privacy

    Privacy Policy           Terms of Use