Skip to content

Understanding HIPAA in Social Media Marketing

  • by
Header image for Understanding HIPAA in Healthcare Marketing

This post may contain affiliate links. For more information, visit my Disclaimer Policy.

To ensure compliance with HIPAA on your social media accounts, you and your team need to have a full understanding of HIPAA in social media marketing. Showcasing photos, videos, case studies, and testimonials from your residents can be a great way to bring personality, authority, and fun to your social media accounts. BUT – you need to make sure you are following the rules.

HIPAA (the Health Insurance Portability and Accountability Act) is a Federal law established in 1996 that restricts access to the protected health information (PHI) of individuals. PHI includes information that can be used to identify an individual, including name, date of birth, Social Security number, telephone number, photo, health records, medical bills, etc. Essentially anything that would allow someone to identify who the patient is, how to contact them, and information about their medical record are all classified as PHI.

* I am not an attorney or authorized in any way to provide legal advice. If you aren’t sure about HIPAA or PHI regulations, please consult your compliance officer or attorney. 

 What Types of Posts Does HIPAA Affect in Social Media Marketing?

Before you showcase a resident in any way on your social media account, you have to make sure you have written consent. Here are some ways that you may want to feature residents online that would require a signed consent form before doing so in order to be compliant with HIPAA in social media marketing:

  • Photos of that show recognizable faces of residents enjoying a meal, activity, or other fun events in your facility.
  • Features of residents participating in an exercise or therapy session. Even with signed permission, consider sharing only the resident’s first name.
  • Photos of residents receiving a nursing treatment or procedure. Even with signed permission on these, it’s a good idea to blur faces and/or make sure no health information is showing on a chart, etc.
  • Showcasing a resident testimonial. In some cases, you may want to feature a shortened version of their testimonial with any PHI removed.
  • Anything that features any resident, in any way.

Elderly woman with her granddaughter looking at mobile phone in the park

Signed Media Releases from Residents

To make it simpler for your staff to track, you could consider including a media release form for residents (or their responsible party) to sign at the time of admission. Make sure they understand that it means they may be featured on your social media accounts, and if you end up featuring them for something medical-related like a therapy session, it’s a good idea to get an additional, more specific signed release at that time. The generic signed release is perfect to have on file for featuring things like dining, activities, and other fun times. If you make sure all residents have the opportunity to sign a release, then all you have to keep track of are the residents who refused to sign. Everyone has the right to refuse, and if you have any that don’t want to be featured you must be very careful that they aren’t shown in any event photos, etc. that you may post.

If you don’t already have a media release form that you are using in your facility, you should be able to find a template online. Jotform also offers some cool online form options. Again, I’d suggest consulting with your compliance officer or attorney to make sure your form includes everything it needs.

Staff Education is Essential

Another important part of HIPAA compliance related to social media is that you educate your staff on the importance of HIPAA. Staff should not ever take photos or videos of residents from their personal cell phones unless they are doing so for the sole purpose of social media. If they do take them for social media, they should delete them from their phone right after posting to your accounts. It’s a better idea to have a facility-owned camera to use for social media, but that may not always be an option.

Train your staff that under no circumstances can they ever post a photo or video of a resident to their personal social media accounts. If there is something fun going on that they want to post, you can encourage them to share the facility’s social media post to their personal account. (This helps you get more visibility and reach, too!) You should also teach your staff not to post stories about work on their social media. Even if they don’t share the patient’s PHI, it’s always possible that through the story details they share someone could identify who they are talking about.

Signed Releases from Staff Members

As part of your new hire paperwork, you should also have your staff members sign media releases. Though this is separate from HIPAA regulation, they still have the right to agree or decline to be featured online. Not everyone wants to be online, and that’s a choice that needs to be offered and respected. If any employees decline to sign then you need to make sure they don’t get shown in any group photos, etc.

How Do You Blur Faces from Photos?

In the event that one of your residents or staff members finds their way into a photo that you could otherwise share on social media, in some cases it may work to blur out their face and any other distinguishing features. Pixlr.com is a free photo editing software that has a “blur” tool you may find useful.

Leave a Reply

Your email address will not be published. Required fields are marked *