Q
Get started Bring yourself up to speed with our introductory content.

What social media policy best practices should be followed for healthcare?

It's important for healthcare organizations to have clear social media policy best practices. Expert Mike Chapple explains what needs to be in the policy to stay HIPAA compliant.

Health information is a becoming a bigger target for hackers, so I'm worried about keeping my organization HIPAA...

compliant. One of my concerns is social media use by the employees violating HIPAA, so I'm developing social media policy best practices for HIPAA compliance. How concerned should I be about this, and what should I include in the social media policy for healthcare?

Healthcare providers who are regulated as covered entities under HIPAA should absolutely be concerned about employee conduct on social media. It is entirely possible that an employee comment about a patient on social media could intentionally or inadvertently disclose protected health information in violation of the HIPAA privacy regulations.

HIPAA-regulated entities should have one clear and absolute rule in their social media policy best practice: employees and business associates with access to protected health information should never post anything about a patient on social media without that patient's permission. It's possible that even the fact that a patient is associated with a healthcare provider could constitute an unwanted and unlawful violation of patient privacy. An absolute rule prohibiting posting about patients helps eliminate ambiguity and protect the organization's interests.

In addition to that strict mandate, healthcare social media policy best practices should also think through other circumstances that might trigger an accidental HIPAA violation. For example, an employee posting a picture of a new clinic on social media should be sure that the photo does not include the images of any patients. All official social media posts should be screened by an individual who is very familiar with HIPAA regulations. It's a good idea to have a second set of eyes on any post to avoid mistakes.

Ask the Expert:
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today. (All questions are anonymous.)

Next Steps

Learn more about social media policies

Discover the top social media compliance issues in Fortune 100 firms

Find out the best practices for CISOs on social media

This was last published in July 2016

Dig Deeper on Social media security risks

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What is your healthcare organization's social media policy? Do you think it is effective?
Cancel
Social media is something barely controllable. Protection of privacy is extremely important but the organizations have to realize that they can't simply lock and control.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close