It’s Your Call – August 2023

HIPAA: How do I ensure HIPAA Compliance in patient communication on social media direct messaging?

Social media platforms such as Facebook, Twitter, Instagram, and LinkedIn have become powerful tools for healthcare organizations to engage with patients and provide valuable health-related information. However, healthcare professionals must exercise caution when responding to patient private messages on these platforms to ensure compliance. HIPAA regulations mandate strict standards for protecting patient privacy and confidentiality, making it essential for healthcare providers to adopt appropriate measures when navigating social media direct messaging interactions with patients.

Educate Your Staff

One of the critical steps in maintaining HIPAA compliance is ensuring that all healthcare staff members are well-informed about the regulations pertaining to patient privacy and social media usage. Assigning one member of your organization to respond to social media direct messages allows for more control of your approved messaging.

Direct Communication Channels

To foster secure and confidential communication, patients should be encouraged to utilize direct and private channels, such as the patient portal for any medical inquiries or personal information sharing. Emphasize the importance of these secure channels for sensitive discussions to avoid potential breaches of patient privacy.


Adding a clear and concise disclaimer on all social media profiles is crucial in setting the right expectations for patient communication. The disclaimer should state that social media direct messaging platforms are not appropriate channels for discussing specific medical concerns or disclosing personal health information. Instead, patients should be directed to utilize secure communication methods for such matters.

Monitor and Moderate

Active monitoring of social media channels is vital in promptly identifying any messages that may pertain to patient information. Regularly review messages to ensure that patient privacy is not compromised. If any content violates HIPAA regulations, remove it promptly and address the situation according to the organization’s policies.

Secure Social Media Accounts

To minimize the risk of unauthorized access, ensure that all social media accounts associated with the healthcare organization have robust security settings. Regularly update passwords and review the access privileges of staff members to prevent any potential breaches of patient information. This is important because of staff turnover. Access audits should be done routinely.


OSHA: Is there really an uptick in SARS-CoV-2 transmission?

Yes. The Centers for Disease Control (CDC) is reporting a 17.3% increase in the prevalence of Eris, a subvariant of Omicron. Common symptoms include a runny or stuffy nose, headache, fatigue, sneezing, sore throat, coughing, and changes to sense of smell.

Although the positive rates pale in comparison to the percentages in 2020, healthcare providers (HCPs) will be at a greater risk for potential exposures from asymptomatic or pre-symptomatic patients with SARS-CoV-2 infection. Monitor the community spread and consider implementing broader use of respirators and eye protection by HCPs during patient care encounters. Source control recommendations can be found by clicking here.