Helpful Tips For Avoiding HIPAA Violations on Social Media

Friday, February 12, 2016
By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Digital media are a popular way to connect, but they can also pose a great risk of Health Insurance Portability and Accountability Act (HIPAA) violations. When it comes to guarding against accidental revelations of patient identity and sensitive information, ophthalmologists, optometrists and all medical staff should adopt various measures to protect themselves.

In this day and age, almost everyone has some type of social media platform. Don’t end up like many health care providers who find themselves chastised, fined and fired over HIPAA violations due to common mistakes.

Protect Yourself and Your Practice.

All ophthalmologists, optometrists and medical staff should take the following steps to protect against HIPAA violations due to social media:

-Keep personal social media accounts separate from professional accounts;

-Avoid requesting or accepting friend requests from patients or professional associations;

-Be aware that even posts that have been deleted can still exist in cyberspace;

-Be aware that posts on a private personal page can be accessed by users who are not friends or followers;

-HIPAA lists 18 identifiers including photos, neighborhoods, birth dates and vehicle identifiers. All of these must stay private. Small details can reveal patient identity, especially in small communities;

-Even if a patient posts personal medical information, no health care professional can re-post any information;

-You do not have the right to take or post any image of your patients;

-You are required to report any breach of privacy committed by any fellow employee.

For more tips on social media for health care providers, click here.

Guidelines for Appropriate use of Social Media and Social Networking.

Ophthalmologists and Optometrists are discouraged from interacting with current or past patients on personal social networking sites. Online interaction with patients should only occur when discussing the patient’s medical treatment within the physician-patient relationship. These interactions should never occur on personal social networking or social media websites.

Patient privacy must be protected at all times, especially on social media and social networking websites. Breaches in patient confidentiality could be harmful to the patient and in violation of federal privacy laws such as the Health Insurance Portability and Accountability Act of 1996 and applicable state privacy laws.

Failure to Comply With HIPAA Can Result in Both Civil and Criminal Penalties.

There has been an increase in penalties regarding HIPAA violations. With the increase in the popularity and availability of social media platforms comes an increase in potential privacy violations. To read a previous blog I wrote on this, click here.

Don’t Wait Until It’s Too Late, Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent ophthalmologists, optometrists and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at or call (407) 331-6620 or (850) 439-1001.


Veatch, Kyna. “A Checklist For Avoiding HIPAA Violations.” Law360. (January 8, 2016). Web.

Martin, Jonathan. “Tips on social media for health care providers.” Law360. (January 8, 2016). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2016 The Health Law Firm. All rights reserved.