How to Use Social Media and Be HIPAA Compliant

Posted: February 12, 2018

Healthcare Strategist and Senior Account Executive Kim Laramy has been with Ethos and VONT since 2005. Her expertise in healthcare marketing began while “in house” at Bath Memorial Hospital and Mid Coast Health Services (as she says, “a loooong time ago”). She has served as account executive to MaineHealth, Maine Medical Center, and Maine General Health, and currently to Blue Hill Memorial Hospital, Inland Hospital, and EMHS. Today she shares her insights into how to join the social world while respecting HIPAA.

The benefits of social engagement

Hospitals and healthcare providers, like other businesses and organizations, understand the benefit of social engagement with customers, patients and employees. But there is a hurdle to overcome if you’re a healthcare organization – can you take advantage of the power of social media without running afoul of HIPAA?

HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.

The good news is that you CAN be social and still protect patient privacy – but it takes some effort, thought and commitment.

8 steps for doing social and respecting HIPAA

Here are some steps that will help you on your journey into the social realm:

1. Identify objectives that social media can address for your organization. For example, social media is a great way to share healthcare tips, honors, upcoming events, research and profiles of your medical staff – none of which go near HIPAA.

2. Determine the best social media for your objectives. Facebook is more about two-way conversations; a blog may be more about sharing your expertise. (Be sure to read our article on 6 Reasons Why You Need a Business Blog.)

3. Identify the one or two people who will act as administrators for the social medium. Add more administrators later if needed, but start small. Be sure that the administrators understand they are making a long-term commitment. They will need to carve out time in their schedules so that they can frequently and regularly monitor and participate in the social conversation.

4. Train your social media administrators. They will need to know how to:

  • Use the social media tools;
  • Handle communication in the social media tool based on user expectation and best practices;
  • Respond to any issues that may arise;
  • Thoroughly understand patient privacy (HIPAA) regulations;
  • Train back-up support to cover their vacation/sick days.

5. Develop a plan to actively promote the site to acquire followers. Merely setting up a page or account does not ensure you will have followers or an active community.

6. Set a general calendar schedule for posting new information. Assemble subject matter experts and people interested in social media who will be regular content contributors. Designate 1-2 people to oversee.

7. Be prepared to respond to negative posts. Generally, posts that are negative toward your organization should not be taken down. Instead, treat them as an opportunity to show the public just how well you handle adversity. Be respectful, contrite, and helpful. Offer an apology and an offline conversation to seek a solution.

8. Immediately take down posts that violate any patient’s privacy. Fortunately, most people who work in healthcare know and understand what not to say publicly about any patient, and so the risk of intentional HIPAA violations is low. There is a greater risk of unintentional violations – two examples are noted below.

Example 1: Patient Sam goes onto Caring Hospital’s Facebook page and shares what a great stay he had while an inpatient. He calls out his doctor, a nurse, and his roommate Patient Joe. Without intending to do so, Patient Sam has let the world know that Patient Joe was at Caring Hospital. In this case it is up to Caring Hospital to remove the post. If this happens to you, be sure to contact Patient Sam and explain why you needed to remove his post. Who knows? He may be so happy with you that he reposts excluding Patient Joe’s name so that the rest of the world can enjoy his kind words.

Example 2: Gramma Sue is so pleased with her new grandbaby that she goes onto Caring Hospital’s Facebook page and posts a photo of the baby in the nursery. Several other babies are also in the photo, in their bassinets with nametags visible. Gramma Sue has every right to show her own baby, but not the others. Again, if you find yourself in this situation, be sure to contact Gramma Sue and explain why you need to remove her post. You don’t want to unintentionally hurt one of your happiest supporters.

The takeaway

Social media is an excellent medium for getting your message out to a larger audience. The rigors of HIPAA do not have to exclude any hospital or healthcare organization from joining the social world. With some due diligence, time, and effort, platforms such as Facebook can act as a useful tool in helping you further your mission.

