Although this article is intended to help therapy practices and mental health providers, it is not intended to replace the advice of professional legal counsel. If you have any doubts about whether your social media marketing efforts may be in violation of HIPAA, please consult with an attorney. This content is provided by Brighter Vision, an affinity partner of AAMFT. This information is not necessarily the views of AAMFT and should not be interpreted as official policy.
Social media studies from 2019 have reported that there are 3.2 billion social media users in the world today – that’s about 42% of the entire population! – and this number continues to grow every single day. With that kind of data, there’s simply no denying that social media is a great outlet to expand your private practice’s marketing strategy.
Social media not only allows you to connect with your existing clients on a different level, but it also allows you to provide educational materials that will help establish your expertise with new potential clients. Plus, it's a great way to continue to build your overall brand.
Sadly, as beneficial as social media marketing is for businesses, many private practice owners shy away from social media for fear of unknowingly violating the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA violations can come with some pretty substantial penalties - fines, sanctions, even loss of license in some cases - so we totally get why ignoring digital marketing and social media may seem like the easy way to go.
But we're here to tell you that you don't have to choose between HIPAA compliance and growing your practice online. Using social media doesn't have to feel like walking through an ethical minefield. You simply need to understand what is and what is not allowed by law.
Read on to learn how you can use social media to grow your practice all-the-while maintaining HIPAA compliance.
What Is Protected Health Information (PHI)?
Because HIPAA was enacted several years before social media (as we know it today) really took off, there's no official set of HIPAA social media rules. However, the same HIPAA privacy standards apply to social media use.
HIPAA guidelines define Protected Health Information as "anything - vague or specific - that could reveal the identity of a patient." Well, speaking of vague, what the heck does that really mean?
There are actually 18 items that are considered to be "individually identifiable health information” under HIPAA.
Types of PHI:
- Names, including nicknames and names used on social media
- Address, or any other geographical location information
- Dates, except for the year (i.e. birthdate, appointment dates, admission/discharge dates, etc.)
- Phone number
- Fax number
- Social security number
- Email address
- Medical record number
- Any other account numbers
- Health plan beneficiary number
- Any other certificate or license numbers
- Vehicle information such as license plate numbers or the make/model/color of a vehicle
- Web URLs or social media links
- Device identifiers or serial numbers
- Internet protocol addresses (IP addresses)
- Biometric identifiers such as fingerprints, retinal scans, or voice recordings
- Photos, even if they're not showing anyone's face
- Anything else that compromises the patient's identity
Using any of the above information about a client on social media - even with their permission - could be considered a HIPAA violation and should be avoided to protect your clients’ privacy. But that shouldn't mean that your practice should be precluded from having a presence on social media.
Maintaining HIPAA Compliance on Social Media
According to Healthcare Compliance Pros, 74% of Internet users are active on social media. Not only that, 80% of those who use social media actually use it to research doctors, hospitals, medical news, and other medical-related information.
Without a doubt, social media is a great way to help position yourself as an expert in your field and attract new patients.
But, before you start posting across the various platforms, it's important to make sure you really understand what's allowed and what isn't.