Dos and Don’ts

Healthcare consumers increasingly use social media for their own personal healthcare and to obtain information about specific practitioners, practices, hospitals and medical products. The challenge for providers of all types is determining how best to engage in social media communication, while also complying with applicable laws and regulations and avoiding professional and ethical missteps. 

Here are just a few of the many issues for healthcare providers to consider when establishing or growing a social media presence. 

HIPAA applies to online communications – Many laws and regulations may apply to particular online communications, depending upon the type of provider, and while some may come as a surprise, it’s no secret that the same compliance with HIPAA and related state laws that protect patient/consumer privacy also apply to online communications. Providers must be vigilant about maintaining patient privacy, never posting in the absence of express written consent any protected health information (such as patients’ names, photographs, dates of admission/discharge, dates of birth/death, social security/medical record numbers) because online violations can have far greater consequences. Once a post hits the Internet, it cannot be deleted or removed completely from the Web. 

Here are a few examples of social media don’ts:

    +The ER physician who posted unflattering photographs on Facebook/Instagram of a local model admitted to the ED for excessive alcohol consumption.
    +The nurse who described her treatment of a “cop killer” on her Facebook page the same day news accounts identified the accused shooter and hospital where he was treated.
    +The paramedic student who posted digital photos of an ED patient who was the victim of a shark attack. 

Avoid unprofessional or insensitive content – Because of the public nature of social media sites, posts that are not well-planned, represent stream of consciousness rants or make unflattering references to unnamed patients can have a negative impact upon a provider, the organization to which such communications are attributed and the profession/industry. 

Here are a few examples of the types of posts to avoid:

    +The physician who referred to one of his patients as “lazy” and “ignorant” on social media due to her failure to properly monitor her blood sugar levels resulting in visits to the ED.
     +The ER tech who posted a picture of a clear bag with the caption, “patient gave me a bag of ice containing his two fingers in it” and who tweeted, “babysitting a 36-year-old drug overdose and holding the urinal for him is definitely what I wanted to do today.”

These unfortunate examples point to the need to ensure that online communications protect patient privacy and reflect professionalism and sensitivity, and that all employees of any hospital, medical practice or other healthcare organization are aware of and adhere to these same requirements in their personal online communications. 

Consider industry-specific restrictions – In addition to HIPAA compliance, other laws/regulations also might apply – depending upon the particular provider – to online communications, which may not be all that intuitive. 

Here are a few examples:

    +Where a product/service is FDA-regulated, the same FDA regulations that require communications to the public to be clear, accurate, truthful and not misleading apply to online communications (a not-so-intuitive issue can arise in Twitter communications given that tweets are limited to 140 characters).
    +Where a healthcare company is publicly traded, the same SEC regulations pertaining to the disclosure of company information applies to online communications. A not-so-intuitive issue can arise where a company officer/other corporate insider posts general information about the company on a personal Facebook page or comments generally about the company via a personal Twitter account. This can require a determination whether such is company information on which an investor could rely and whether it also must be disseminated to the public/shareholders.
    +Where a healthcare organization obtains and disseminates patient testimonials using social media, a not-so-intuitive compliance issue can arise under state advertising guidelines/restrictions and FTC regulations depending upon how that information is used and posted.
    +Where personal medical advice is communicated using social media such as Facebook, a not-so-intuitive compliance issue can arise under state licensing and telemedicine laws given the inability to pinpoint the geographic location of the recipient(s).
    +Where providers seek to establish social media policies that cover the activities of its employees, a not-so-intuitive compliance issue can arise with employee Internet restrictions under the National Labor Relations Act. 

Although this is by no means an exhaustive list, these examples reflect the need for all providers participating in social media communication to consult legal counsel in establishing and updating social media systems/policies to consider the regulatory requirements applicable to individual circumstance. 

Guidelines for healthcare professionals and organizations – A number of healthcare organizations have established their own recommended guidelines and considerations for healthcare professionals and organizations, some of which are identified here as helpful resources:

    +American Medical Association: “Professionalism in the Use of Social Media.”
    +Federation of State Medical Boards: “Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice.” 
    +American College of Physicians and the Federation of State Medical Boards: “Online Medical Professionalism: Patient and Public Relationships.”
    +American Nurses Association: “Principles for Social Networking and the Nurse.” 

Best practices for healthcare providers – The evolving nature of social media communications make it impossible to identify every potential pitfall and industry best practice. 

Here are some general guidelines for healthcare providers to consider when establishing or growing a social media presence: 

    +Establish a comprehensive social media policy – with the assistance of legal counsel – to address these and other related issues pertaining to the content of provider and employee online communications, ensuring that such policy and related issues are fully communicated to and followed by all employees. 
    +Maintain clear provider-patient boundaries, avoiding practices such as accepting “friend requests” from patients and dispensing medical advice online. 
    +Pause before posting: when in doubt, leave it out. Providers should not post anything online that they would not say or do in person, remembering that even when a post or tweet is deleted, there is never a guarantee that it is truly gone.
    +Monitor online communications, remembering that such communications reflect not only on the individual(s) responsible for the specific content, but also on the organization, profession and industry as a whole. 

John Ivins Jr. is a partner and leader of the healthcare practice at Hirschler Fleischer, Richmond, Va. Ivins routinely represents hospitals and healthcare systems, advising on various operational, compliance and staffing issues, including peer review, credentialing and handling fair hearings. He also represents physicians and medical practices on a variety of privacy, operational and licensing matters. He may be reached at 804-771-9587 or by email at 

Emily Scott is a partner and member of the healthcare practice  at Hirschler Fleischer. Scott’s practice focuses primarily on assisting healthcare providers with contract matters, business torts, employment disputes and hospital staffing issues, including credentialing, peer review and bylaw compliance. She may be reached at 804-771-9593 or by email at

Check out our latest Edition!



Latest Tweets

Contact Us

Inside Healthcare Magazine
150 N. Michigan Ave., Suite 900
Chicago, IL 60601


Click here for a full list of contacts.

Latest Edition

Spread The Love

Back To Top