Sign In
5 Tips to Avoid HIPAA Violations in Social Media

5 Tips to Avoid HIPAA Violations in Social Media by Elements magazine |

September 3, 2014

Independent community pharmacies work diligently to make sure their business meets HIPAA regulations. But what about when pharmacists and employees go online individually?

When the Health Insurance Portability & Accountability Act (HIPAA) was enacted in 1996, it created new standards for the protection of patient health information. But over the last five years, the dramatic rise of social media use has altered traditional ideas about communication and privacy. As pharmacists take to social media—both personally and professionally—new concerns surface about guarding private patient information.

For independent community pharmacies, balancing between social media interaction and HIPAA compliance can be tricky. But with a little knowledge and forethought, you can share your valuable health expertise without incurring potentially disastrous violations. Here are five practical tips for HIPAA-compliant social media behavior.

1. Build a social media policy

A clear, comprehensive social media policy for your pharmacy is the first step to HIPAA adherence. Make sure every member of your staff who encounters patient information understands the parameters of HIPAA. Establishing guidelines for social media content and procedure creates better awareness and consistency. Emphasize that even individual profiles on social media aren’t truly private and can be connected to the pharmacy. So it’s important for everyone on the team to be a positive purveyor of the pharmacy brand.

2. Separate profiles

It’s crucial to exercise strict separation of all personal and professional profiles. Don’t “follow” patients on personal profiles, and don’t post messages unrelated to pharmacy on your public page.

3. Don’t post about patients

The best way to avoid HIPAA violations is to avoid discussion of patients, period. This goes beyond omitting a name or other obvious identifiers. With the extensive resources that the Internet provides, even information that seems irrelevant can potentially identify the patient. Taking a moment to consider if your content is appropriate can be the difference between tact and transgression.

4. Avoid anonymity

Those who feel obligated to share their experiences online might turn to anonymous posting as a solution. But almost none of our online interactions are truly private; this fact has been reinforced time and again. Anonymity breeds a false sense of invincibility and confidence. Need some relevant evidence? Look no further than the case of an anonymous blogger named Dr. Flea, who was exposed in court as the defendant in a wrongful death/malpractice suit.

5. Share general health expertise

The hazards of HIPAA and social media shouldn’t stop you from having a strong online presence. Instead of describing specific cases or patients, funnel your experiences of each day into sharing general expertise. As a pharmacist, one of the most trusted and knowledgeable voices in the health sector, you have the power and the means to spread important health information and positively affect others.


Please note that this article is a combination of general information and is not meant to be all encompassing. Here are a few sources with more detailed information on HIPAA-compliant social media behavior.

Office for Civil Rights
The OCR offers six educational programs on HIPAA compliance.

Hive Strategies
This company helps health systems create HIPAA-compliant online communities. The company’s blog has a great post on creating a HIPAA-compliant social media strategy.

Related articles: 

5 Pharmacy Social Media Blunders (And How to Avoid Them)
How to Grow Your Pharmacy’s Facebook Page
How to Create a Facebook Page for Your Pharmacy



Sign up for a FREE subscription to Elements magazine!



Sign up to receive the weekly Elements e-newsletter for bonus business tips and advice.

find out more