Tips for Avoiding Social Media HIPAA Violations

Updated: Apr 25, 2021

Social Media HIPAA Violations

In recent years, social media use has led to several serious HIPAA violations and penalties for healthcare professionals. The reality is that employees who have not received proper training on HIPAA rules and social media use risk exposing your organization to costly HIPAA violation penalties.

Whether your organization uses social media to attract new clients, or your employees are posting about their work on their own personal social media accounts, improper use of social media or using social channels without regard to HIPAA rules can cause significant problems for healthcare professionals.

The good news is that when healthcare workers are better informed regarding potential mistakes while using social media, HIPAA violations can be avoided.

Four of the Most Common Social Media HIPAA Violations

The industry data shows four of the most common HIPAA violations caused by improper social media use.

  • Posting patient photos, medical document images, or other personal information without written consent from the patient

  • Posting patient information to unauthorized users (even without the use of their name)

  • Mistakenly assuming posts were deleted or shared privately (when they were not)

  • Inappropriately or accidentally sharing any of the above while posting a picture of something else (e.g. visible documents in a photo of employees)

The question becomes: “How can health care professionals effectively use social media channels without violating HIPAA privacy and security requirements?”

Tips to Avoid Social Media HIPAA Violations

The single most important thing to remember to avoid social media HIPAA violations is that shared content should never contain information that can lead to the identification of individual patients or their medical records. This kind of personal data is Protected Health Information (PHI) under HIPAA rules.

Any demographic information that can be used to identify a patient is considered PHI. Types of PHI data include patient names, birth data, full face photos, social security numbers, addresses, medical histories, financial information, and more. Under HIPAA regulations, PHI is strongly protected, and this is outlined in both the HIPAA Privacy Rule and the HIPAA Security Rule.

One of the best ways to avoid social media HIPAA violations and potential legal issues is to have a clear and widely distributed company policy on the use of social media sites. The policy applies during both working and non-working hours.

You should also thoroughly train your employees on all aspects of your HIPAA Privacy and HIPAA Security policies and procedures. This training should be conducted at the time of each employee's hiring and at least once per year thereafter.

eLearning for HIPAA Training

Today, eLearning has emerged as the cornerstone of HIPAA training for many healthcare organizations. If your organization is considering the use of eLearning and a Learning Management System (LMS) for your employee HIPAA training, there are several benefits you can expect:


eLearning offers a level of convenience that is not possible with in-person, classroom-based training. With eLearning, your employees can accomplish their learning activities at any time and from any location. All that is required is an Internet connection (and offline training is even available for some eLearning activities). And with eLearning, your users can work at their own pace, rather than the pace of an instructor.

Cost Savings

eLearning tends to be less expensive than classroom training by a wide margin as it eliminates costs around travel, venue and instructor fees, catering, and more. And with eLearning, your employees do not have to be pulled away from their work duties. They can learn after hours or whenever their schedule permits.


Today, many eLearning platforms allow you to capture and analyze data around learning participation, success rate, feedback, and other important metrics. The analysis of this data allows you to revise and improve your eLearning programs over time.


An effective eLearning platform also includes communication tools to allow for group or one-on-one communications. In this way, students and instructors can discuss learning materials and even collaborate on program offerings.

LMS Portals for Avoiding Social Media HIPAA Violations

LMS Portals provides a powerful cloud-based platform that allows healthcare organizations to build, deploy, and manage eLearning programs to support social media and HIPAA use. Our platform offers full branding for your organization and can be incorporated into your existing corporate web infrastructure.

Contact us to get started today!
