Social Media Do’s and Don’ts For Healthcare Providers

One of the most popular online activities is searching for health or medical information. According to a recent study by the Pew Internet & American Life Project, 80 percent of Internet users have searched for a health-related topic. This includes searches for a specific doctor or health professional. Medical practices need to be where their patients are, and this, of course, includes social media. Social media is a powerful tool for healthcare providers looking to reach more prospective patients, increase patient engagement between visits, and establish a brand. As rich as social media is in benefits and potential, there are important guidelines your business should follow when posting content and responding to reviews.


Know Your Audience

Each social media network has its own character and culture, and appeals to a specific age group, income level, and education level. In order to be successful, your business should devise a social media strategy that caters to the correct audience. Assess the profile of your patients and the type of person you want to attract when deciding which networks to participate in. A good way to get a feel for what works is to research similar medical practices to your own. Look to see which platforms they are resonating on, and how they align their content to their audience’s interests.


Stay Active

Having a viable social media presence doesn’t amount to setting up a profile and making the occasional post. It requires time to plan a strategy, create content, and analyze data. You’ll also need to train your employees on HIPAA law so that they communicate appropriately with your followers. Speaking of followers, finding them and keeping them engaged will be your biggest challenge. The best way to achieve this is to post timely, useful information on a consistent basis. Marketing efforts to recruit new patients can be added into the mix, but keep in mind that too many self-promoting posts will turn off your audience. Success on social media is about providing targeted value. In addition to organically growing a following online, many healthcare providers post incentives in their office and in email newsletters to get patients to interact with their social media networks. Social media takes commitment and patience. Those expecting instantaneous results will be disappointed and lose interest.


HIPAA Concerns

As a healthcare provider, you need to be extremely cautious about what you post on your social media networks. If you share identifiable protected health information (PHI) without proper patient consent, your practice will be in violation of the HIPAA Privacy Rule. Even if the patient decides to post their PHI, you should not reference the information they divulge in your response. This isn’t something to scoff at, as HIPAA fines can range from $100 to $50,000 per violation, with a maximum penalty of $1.5 million per year for each violation. It’s easy to assume that you’ve made a patient unidentifiable, but posting the nature of a patient’s medical condition, even without using the person’s name, can lead to trouble. So can posting a seemingly innocuous selfie that exposes a patient’s identity in the background. A good rule to remember is that disclosing a patient’s protected health information for anything other than treatment, payment, or healthcare operations is prohibited. Responding properly to patient posts is another sensitive issue. Your correspondence should never reveal personal information about the patient, even if they’ve already done so. If you decide to use images, testimonials, or videos of a patient, it’s always recommended to have the patient sign a content release form.

There are places online like Google, Yelp, and Healthgrades that give patients the opportunity to review their medical practitioners. If handled incorrectly, they can land healthcare providers in hot water with HIPAA.

Here’s an example. A patient named Claude Jones reviews a dental practice by writing, “This is the worst dental experience I’ve ever had. The dentist extracted two of my teeth when only one actually needed to be removed. This was confirmed by a new dentist I just saw. Costs me an additional $400. Stay away from this guy!”

The reviewer’s name and their reference to the type of dental procedure constitute protected health information. Although the patient provided this personal information, under HIPAA law you’ll be guilty of violating patient privacy if you use it in your response to the review. Therefore, a proper and professional response would be, “Thank you for your feedback. We strive to ensure that every patient we see receives excellent care and leaves satisfied. I would like to discuss this matter further – please contact me at your soonest convenience.”


Do’s When Responding To Online Reviews:

  • Be understanding and show empathy for the reviewer’s situation.
  • Make your response anonymous. Avoid acknowledging that the person is or was a patient of the practice.
  • Arrange to speak to the patient over the phone or during their next office visit regarding the issue.
  • Create HIPAA compliant responses to common patient scenarios so that your staff is less likely to handle reviews inappropriately.

Don’ts When Responding To Online Reviews:

  • Don’t use any protected health information in your response to a review, even if the patient did so. Protected health information includes information beyond a patient’s medical history, such as name, phone number, email address, date of birth, or appointment times.
  • Don’t respond when you’re upset or emotional. All it takes is a momentary lapse of judgement to respond to a patient review and include someone’s protected health information.
  • Don’t delete a negative review even if it includes protected health information. Also don’t defend your office and get into an argument with someone who leaves a review.


Medical practices are unlike other businesses using social media in that they need to adhere to HIPAA law. By partnering with a HIPAA compliance expert like PCIHIPAA, you’ll have access to our care team when crafting appropriate responses to online reviews as well as many other HIPAA resources. We can also provide your business with encryption solutions to protect patient information as well as asset protection in case of a data breach. Get started right now with a free HIPAA risk assessment to make certain your office is fully HIPAA compliant.

