Examples of Social Media HIPAA Violations

Social Media

Social media offers healthcare professionals many benefits. It’s an easy, efficient and effective way to provide information to a large audience. You can promote your practice and the services you provide to encourage new business and future opportunities.

But you must be careful of the information you share. Sharing the wrong or inappropriate information could lead to various HIPAA violations. Being aware of the HIPAA regulations regarding what can and can’t be shared can reduce your risk of incurring penalties.


HIPAA and Social Media

Before you even create any accounts for your facility, create a social media policy on what can and can’t be posted online. Any information about specific patients, such as a written post, image or video, is prohibited because the patient can be identified.

HIPAA’s privacy rules state that any disclosure of patient information online is forbidden unless there’s express and documented consent from the patient. Consent is necessary if you want to share anything about a patient and their health online.


Examples of HIPAA Violations on Social Media

Social media is a great platform to promote your organization, from posting health tips, news, events and research findings to introducing staff and employees and marketing your healthcare services. As long as private information about your patients’ health isn’t released, you’re not at risk for any HIPAA violations.

Below are some examples of how you may be penalized if patient consent isn’t provided:

  • Failing to obtain written consent before posting images or videos of patients
  • Having conversation threads about patients and their personal information
  • Posting contextual information that could identify the patient
  • Posting a photo in which patients are visible and could be identified
  • Sharing any PHI in a private group on social media


Helpful Tips to Avoid Violations

Listed below are some recommended guidelines when using social media as a healthcare professional. These tips are in line with HIPAA rules and will help you minimize the risks of sharing private information online:

  • Create a social media policy and share it with your staff
  • Provide clear examples to your staff of what is and isn’t acceptable to post on social media
  • Understand and relay the possible penalties for violating social media HIPAA standards (severe penalties may be considered criminal)
  • Continuously review your social media policy to stay up to date on any new or modified rules
  • Approve any material that might be shared prior to posting and keep a record of posted and shared material
  • Don’t participate in discussions that involve a patient’s health information, even if your account didn’t make the initial post


For more information, feel free to check out the HIPAA Journal article “HIPAA Social Media Rules.”

HIPAA guidelines regarding social media are relatively straightforward. It’s important to remember these rules apply to your personal and private social media accounts and not just the public ones of your facility. It’s best to not post anything regarding patient information online to avoid penalties.
