
What social media policy best practices should be followed for healthcare?

It's important for healthcare organizations to have clear social media policy best practices. Expert Mike Chapple explains what needs to be in the policy to stay HIPAA compliant.

Health information is becoming a bigger target for hackers, so I'm worried about keeping my organization HIPAA compliant. One of my concerns is social media use by the employees violating HIPAA, so I'm developing social media policy best practices for HIPAA compliance. How concerned should I be about this, and what should I include in the social media policy for healthcare?

Healthcare providers who are regulated as covered entities under HIPAA should absolutely be concerned about employee conduct on social media. It is entirely possible that an employee comment about a patient on social media could intentionally or inadvertently disclose protected health information in violation of the HIPAA privacy regulations.

HIPAA-regulated entities should have one clear and absolute rule in their social media policy best practice: employees and business associates with access to protected health information should never post anything about a patient on social media without that patient's permission. It's possible that even the fact that a patient is associated with a healthcare provider could constitute an unwanted and unlawful violation of patient privacy. An absolute rule prohibiting posting about patients helps eliminate ambiguity and protect the organization's interests.

In addition to that strict mandate, healthcare social media policy best practices should also address other circumstances that might trigger an accidental HIPAA violation. For example, an employee posting a picture of a new clinic on social media should be sure that the photo does not include the images of any patients. All official social media posts should be screened by an individual who is very familiar with HIPAA regulations. It's a good idea to have a second set of eyes on any post to avoid mistakes.


This was last published in July 2016
