6 Ways for Physicians to Stay HIPAA Compliant on Social Media

As a physician, you are more than likely engaging in social media to some extent. Whether you use personal or professional accounts, you must remember that HIPAA also applies to social media. It is a good idea, as a physician or healthcare professional, to avoid adding patients on social media so that an accidental blunder does not put you in a difficult situation. A quick Google search will turn up articles on social media HIPAA violations. HIPAA violations can result in you being fired, fined, or more, so it is important to make sure that you are always compliant.

So, what does this mean for you?

  1. Do not take pictures of patients. It may seem funny to take a picture of a patient while they are not paying attention and send it to a colleague or friend. This is not only unprofessional but also a violation of HIPAA, since you will be sharing a picture of the patient. It does not matter if you cover the person's face; if they can still be identified, it is a violation. The only time you should EVER post a picture of a patient is if you have written consent from the patient.

  2. Avoid taking photos or selfies in an area where patients or PHI (protected health information) may be seen. The photo may be of you or your colleagues, but if a file or any sort of patient information is viewable in the background, this is a violation. If you need to take a group photo or a selfie, opt for a blank wall where no information or other people can be seen.

  3. Do not post about patients online. This is one that some healthcare professionals struggle with, because social media is often an outlet. But posting a story about how you've had to deal with the worst patient ever, or describing a patient without naming them, is still a violation. If anyone can identify the patient, then you will be in violation. In 2011 there was a case against an emergency medicine physician for posting about a patient online without naming the patient. This led to the physician being terminated from the hospital and fined.

  4. Avoid posting a screenshot of a conversation on social media. You may have a group message on social media or through text where you and your coworkers discuss the good, the bad, and the ugly. You should already be HIPAA compliant in these conversations, but make sure that you are not sharing conversations between you and your coworkers on social media.

  5. Do not record videos of your patients without their consent. We've all had a moment in life where we wish someone was recording what was going on. Make sure that you are not becoming the director of that moment with patients. Just as with photos, even if you are not showing their face, if they can be identified then you will be in violation.

  6. Read your organization's social media policy and follow it. During orientation or when a new policy is implemented, it may seem like just another paper to sign, but make sure that you are reading these policies. This will help you stay HIPAA compliant and can also help you avoid any issues with your organization.

Overall, you are the physician and the professional, which means you are in charge of yourself and your social media. Avoid becoming a headline and an example to future physicians of what not to do, and make sure that you stay HIPAA compliant. A good rule of thumb is to ask yourself before posting on social media: should I really post this?