At this point, who doesn’t use some form of social media?  I’m not very technologically savvy, but even I have social media accounts—they’re great for staying in touch with my family on the west coast. Of course, when it comes to how I use my personal account, I still must use discretion regarding what I post.

For example, I have a Labrador retriever. We brought her to the beach with us for vacation, and she loves to play fetch. She also likes to invite others to play with her; she’ll trot up to people walking the beach, drop the ball at their feet, and sit patiently—just waiting for them to pick it up. If they pick up the ball and throw it, they’re hooked. On our last day, our pup dropped her ball at the feet of a young girl who was walking on the beach with her dad and their dog. The girl started playing fetch with my dog, and they must’ve played for about 10 minutes. I thought that would make a great picture, and then my discretionary conscience kicked in: That’s not my child, and if I were in her father’s position, I wouldn’t want a stranger taking a picture of my child—especially in the age of the Internet. Needless to say, I left the beach without a picture, but I do have a nice memory.

This example is a personal one, which leads me to my first tip: Keep personal and business social media accounts separate. Now let’s consider your practice.

Do you socialize safely?

Social media can be an important and powerful business marketing tool (in the right hands). As I understand it, having social media can improve your practice’s visibility in online searches. Thus, as a business owner, you want to use social media; but you must consider how you’re going to use it and who in your company will actually do it.  There are many social media outlets, but let’s use Facebook as an example:

  • Who establishes your company’s account?
  • Who within your company is allowed to post for your page?
  • Who decides what content to post?
  • Who is going to respond to comments?
  • What is the protocol for responding to comments—both positive and negative?
  • How much time will you devote to maintaining the page?

Some practices use social media to tell patient success stories or to post pictures of their practice. This is a great way to promote what you do, but it’s important to understand how HIPAA might impact what you post on social media. As with my story about the child and my dog, you’ll probably need to exercise discretion—and possibly obtain permission.

HIPAA, as I like to say, is built on trust, and trust is an important ingredient in any relationship, including our business relationships. When a person seeks services from a healthcare provider, a large amount of personal information is exchanged. And the only way this system works is if we safeguard that information. Our patients trust we will do this, but fulfilling that obligation seems to be getting increasingly difficult with so many more security risks to contend with (as evidenced by the recent hacking of the Apple cloud system).

What’s your risk tolerance?

I’m hearing that question more and more—especially with the recent, vigorous enforcement of regulation. If, like me, you have a low risk tolerance, here are some simple tips to reduce your HIPAA hazards:

  • Perform and document a risk assessment. Document the answers to some of the questions posed above, especially if you plan to use patient information or photos.
  • Do not post information or photos of patients without their express written permission. It’s a requirement, but to patients, it could be seen as a common courtesy: “Gee, Marge, you’ve done really well here in therapy; would you mind giving us a written testimonial that we can post online?” If Marge says “yes,” have her sign a consent form. Follow the same procedure when sharing people’s photos. If they agree to having their photos taken, obtain signed consent forms.
  • Develop policies and procedures for your social media marketing program. I know it seems like irksome extra work, but remember that information posted online is forever—and that it’s potentially accessible to very technologically savvy people.
  • Train your staff on your social media program and the policies governing it.
  • Monitor the program to ensure appropriate, correct, and rule-abiding use.
  • Apply the “minimum necessary” rule. It would be great if all of your online postings contained no HIPAA identifiers, but if you can’t avoid that, then strive to make your point using the minimum necessary information.

As healthcare providers, we’re so comfortable working with patients that sometimes we just don’t think before we speak. I recently saw a social media post made by a professional that pertained to a patient the professional was treating, and the information was pretty specific. I sent a quick message to notify the person that the information qualified as PHI. What can I say? Some people are social media conversation starters; I’m a social media conversation ender.


Using these simple tips can go a long way in helping you demonstrate that you took reasonable steps to safeguard your patients’ private information, thus allowing you to maintain the trust your patients have placed in you.

Triumph in the Triple-Aim Game: The Healthcare Executive’s Guide to Readmission Reduction, Patient Safety Promotion, and ACO Success - Regular BannerTriumph in the Triple-Aim Game: The Healthcare Executive’s Guide to Readmission Reduction, Patient Safety Promotion, and ACO Success - Small Banner
  • HIPAA Rules for Marketing and Sales Image

    articleMay 20, 2014 | 5 min. read

    HIPAA Rules for Marketing and Sales

    Today’s blog post comes from compliance expert Tom Ambury of PT Compliance Group and WebPT writer Erica Cohen. Before you get too far into your plans to beef up your clinic’s sales and marketing efforts, remember that you’re a healthcare provider first, which means you’ve got some HIPAA hoops to jump through (ahem, rules to follow) that the small business owner down the street probably doesn’t have to worry about. Before we get into that, though, let’s …

  • The Healthcare Provider's Guide to HIPAA-Compliant Marketing Image

    articleSep 14, 2017 | 6 min. read

    The Healthcare Provider's Guide to HIPAA-Compliant Marketing

    In 1966, US Congress passed the Health Information Portability and Accountability ACT (HIPAA). And as we explained here , this “dense piece of legislation...has serious implications for virtually all medical professionals, including physical therapists, occupational therapists, and speech-language pathologists.” Specifically, all HIPAA-covered entities—and that includes providers, payers, and business associates—“must follow certain rules governing the way patient protected health information (PHI) is collected, shared, and used.” And consequences for HIPAA breaches can be severe. While you may …

  • 10 Tips for Social Media Compliance Image

    articleDec 29, 2015 | 3 min. read

    10 Tips for Social Media Compliance

    Your patients are using social media to inform decisions about their own health care, so as a smart healthcare provider, you should be using social media, too. But because of non-compliance concerns, you also must be judicious with its use. Social media is anything but private —and it's practically permanent. Once you put something on the Internet, chances are really, really good it will exist there forever. You may think you deleted that tweet or picture, but …

  • articleJul 11, 2013 | 5 min. read

    HIPAA Final Omnibus Ruling: How Does it Apply to You?

    Curious as to how the  new rules  included in the HIPAA Final Omnibus Ruling apply to you and your clinic? Here, we provide a breakdown of what's in store for your practice starting September 23, 2013. The American Medical Association (AMA) published some great information to help physicians navigate this new ruling, which also applies to rehab therapists. According to the AMA, providers should focus most heavily on these three areas: 1. Privacy, Security, and Breach Notification …

  • Be Safe, not Sorry: HIPAA-Compliant Email Marketing for Private Practice Image

    articleMar 25, 2015 | 6 min. read

    Be Safe, not Sorry: HIPAA-Compliant Email Marketing for Private Practice

    Few tech inventions have endured the way email has. We’ve been checking our virtual inboxes for decades, and the basic concept hasn’t really evolved—you send emails; you get emails. According to this email marketing stats infographic , 95% of online consumers use email, and 91% of them check their accounts once a day. If we surveyed those email-checkers, they’d probably tell us that the bulk of their received messages look a lot like the snail mail taking …

  • Pro-Bono Work: The Good, The Bad, and The Billing Image

    articleJul 20, 2015 | 7 min. read

    Pro-Bono Work: The Good, The Bad, and The Billing

    We’re all taught at a young age that it’s better to give than to receive. This saying helps children develop perspective, and even as adults, few people would argue against the moral truth of this simple axiom. In fact, I’m betting this statement really speaks to the empathetic nature of rehab therapists. Unfortunately, though, when you’re running a business (for the purposes of this blog, I’m referring to a private practice outpatient therapy clinic), you really need …

  • Sink or Swim: How Well Do You Know HIPAA? [Quiz] Image

    articleAug 30, 2016 | 1 min. read

    Sink or Swim: How Well Do You Know HIPAA? [Quiz]

    The threat of a HIPAA violation or breach is almost as scary as the thought of dangling your feet into a murky lake. (I mean, who really knows what lurks in dark water? Yikes!) That’s why we created this HIPAA quiz—to help you figure out how well you can navigate even the sketchiest of situations. And while we can’t promise that you won’t ever run into a lake monster, we can certainly say you’ll come out the …

  • Cloudy with a Chance of Reform: 5 Key Healthcare Forecasts for 2017 Image

    webinarJan 5, 2017

    Cloudy with a Chance of Reform: 5 Key Healthcare Forecasts for 2017

    Predicting the weather is tough—just ask any meteorologist who has called for sun on the day of a major downpour. Well, predicting the fate of the US healthcare system isn’t much easier—there’s a lot up in the air, after all. But, even without a healthcare equivalent of Doppler Radar, there are a few key trends that are sure to have a major impact on PTs, OTs, and SLPs in 2017 and beyond. And to keep your practice …

  • A 10-Point Plan for Smart and Secure Electronic Communications with Patients Image

    articleMar 15, 2018 | 8 min. read

    A 10-Point Plan for Smart and Secure Electronic Communications with Patients

    As emails and text messages have become ubiquitous, patient expectations around provider responsiveness have increased. Gone are the days when providers set aside time each afternoon to return calls; now, they can simply respond to their patients’ texts—but should they? Many physical therapists, regardless of their practice model or patient population, are surprised to learn that they may not be allowed to interact with patients in the manner they—or their patients—prefer. These same providers are typically even …

Achieve greatness in practice with the ultimate EMR for PTs, OTs, and SLPs.