For most companies, interacting with customers on social media is a comparatively simple process. For those in the healthcare industry, it’s much more sensitive. Clinics and doctors must comply with HIPAA rules 24/7- even on social media. Here are a few ways you can ensure that you aren’t breaking HIPAA rules when interacting with patients on social media.

Here’s the important fine print stuff: This blog is for informational purposes only, and it is not intended, and should not be interpreted, as legal advice. No attorney-client relationship is created between you and Impact Marketing or any of its officers, employees, agents or affiliates based on your receipt or review of this blog or your retention of Impact Marketing. For advice on specific legal problems, please contact an attorney.

First and foremost, NEVER post anything about a patient without a signed, HIPAA compliant release form upfront. This includes photos, videos, testimonial statements, or anything that might identify a patient. Using patient information on social media is off limits without a release.

Don’t confirm that anyone is your patient— even if they refer to it first. Facebook and Google give the option for patients to review their providers. When replying to these reviews, never say anything that implies or confirms the care and treatment the patient received. Even though the fact a patient received care at your office is implied when they write a review, it is against HIPAA rules to disclose a patient’s health information.

Don’t give out any patient information. When replying to a patient or visitor’s comments or reviews on social media, be careful not to give out any information about any patient. It’s always best to be safe by asking the commenter to call your office to discuss the issue over the phone.

All these rules apply to public social media pages, such as the Facebook page for a doctor or clinic, as well as private groups and personal Facebook pages. For example, if the staff at a hospital have a private Facebook group in which they can communicate about schedules or post relevant industry information. Even though that group is private, it is still a HIPAA violation to discuss patients in that group. This includes posting videos or photos, as well as gossiping about patients. Individual healthcare workers are also not allowed to violate HIPAA on their personal social media pages.

For help managing your healthcare social media pages, contact Impact Marketing today!