Making Social Media Communication Work within HIPAA Guidelines

Social media not only changes how people interact, it heavily influences buying decisions. In the healthcare sector, this new type of communication has a major impact, potentially both positive and negative. This is because of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA covers a lot of ground, but in the social media context, it prevents a healthcare organization from divulging personal health information about its patients.

The penalties for a HIPAA violation can be severe, up to $50,000 per violation plus criminal penalties “if the wrongful conduct involves false pretenses.” It’s easy to see why hospitals shy away from activities that could lead to fines.

On the flip side, many major hospitals such as the Mayo Clinic, Johns Hopkins Medicine and Cleveland Clinic have determined that the benefits of a social media strategy are important enough to pursue.

“Any form of communication (even conversations in the elevator!) can violate important privacy rules,” says former Beth IsraelDeaconess Medical Center CEO Paul Levy in his blog Not Running A Hospital. “But limiting people’s access to social media in the workplace will mainly inhibit the growth of community and discourage useful information sharing.” An example of the latter might be using social media to announce specific procedures and breakthrough accomplishments.

Many hospitals that permit or even encourage staff engagement in social media channels conduct training to ensure employees are up to speed – not just on social media, but on patient privacy in general. Some hospitals develop standalone training, while others incorporate social media dos and don’ts into their annual HIPAA sessions.

According to HIPAA’s guidelines, you as a hospital are permitted to communicate with patients about the hospital’s health-related products and services. But hospitals are required to get written authorization from patients granting permission to use protected health information for specific marketing campaigns. The authorization form must state direct or indirect remuneration for the exchange of protected health information, and it must include an expiration date. Patients also have the right to revoke a written authorization at any time. One exception to this rule: authorization is not required when the hospital offers the patient a promotional gift featuring third-party products and services.

If your healthcare facility hasn’t developed training, now’s the time. Your staff could be liable for severe punishment if they run afoul of the law.

Sociall networking is becoming your biggest opportunity to engage consumers and give them access to information. Don’t let rules and regulations keep you from getting your name out there.


Find out more on getting your healthcare voice heard using this new medium and training your employees. Call Wax Custom Communications at 305-350-5700 or visit

Social Media Marketing 2018, PPC on 10+ Platforms.

Social Media Marketing courseLearn how to market via Twitter, Pinterest, Instagram, YouTube, Facebook, Google and more advertising platforms! This must have course has a 4.7 rating out of 1,226 ratings with more than 12 thousand students enrolled.

Take a look at the social media marketing course

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.