Social Media Compliance for Healthcare Professionals

Paul Hales

Starting at


Premier price: $224 (save 10%)

Single registration

Buy Now

New Patients are vital for growing and sustaining a Health Care Provider's Practice. Patient attraction has become an enormous business resulting in highly visible Internet-based HIPAA violations and risks for providers. Websites, social media, patient satisfaction surveys, email and text messaging sold by vendors including Business Associates are all subject to HIPAA rules that are frequently overlooked or ignored.

HIPAA Rules for the most common patient attraction tools are clear and unequivocal. One look at a health care provider's website can provide undeniable evidence of a HIPAA violation and indications of other violations to be investigated. There are widespread violations of the HIPAA Rules for communicating with patients for patient engagement as well. These violations are being made by Providers and Business Associates primarily through unencrypted email and text message.

A simple appointment reminder is, by definition, PHI even though it may not contain diagnostic specific information. So are Happy Birthday wishes, reminders that a patient is overdue for a checkup or has an outstanding balance on a bill. You (Provider and Business Associate) must know how you can maximize your use of key patient engagement tools while protecting yourself and your organization from government penalties and patient lawsuits. Health Care Providers have a mandatory "duty to warn" patients of risks associated with unencrypted email. A patient may refuse to receive unencrypted emails after being warned.

Health Care Providers and Business Associates must strictly follow the patient's restriction. There is a HIPAA "safe harbor" that frees you from:
1.Responsibility for unauthorized access of a patient's PHI during transmission and
2.Responsibility for safeguarding PHI delivered to the patient.
Don't be the Provider or Business Associate that finds itself in serious trouble simply because you didn't follow the HIPAA Rules for unencrypted electronic communication with patients! Whether you have a website, a LinkedIn page, or use Facebook, Twitter, Youtube, Google+ or Instagram, you are exposing your practice/business to a potential Breach.

The avenues of electronic communications are growing and we must grow with it in order to maintain HIPAA compliance and keep the integrity and privacy of patients and their protected health information. In this lesson, policies and procedures will be discussed that will help to ensure a compliant understanding of the usage of social media, marketing efforts and website development.
This is more than posting a notice or opt-out message. This is an accurate, comprehensive and easy to implement way of patient engagement through examples and recent breaches. Your entire practice/business personnel should be aware of the harmful effects of the misuse of social media, marketing, and websites and the devices used to access these portals.

Course Objective

You will learn:

  • The information that makes a message subject to HIPAA- what is PHI? How can you have compliant behaviors in Social Media?
  • The "safe harbor" - How Health Care Providers may obtain consent from patients to send PHI in unencrypted email and unencrypted text messages and not be responsible for unauthorized access to the PHI in transmission or when received by the patient
  • What a Health Care Provider must do if a patient does not agree to receive PHI in unencrypted email or unencrypted text message
  • The requirements for a Business Associate to be able to communicate by email or text message with a patient on behalf of a Health Care Provider 
  • How a Business Associate may protect itself from liability for violating HIPAA Rules about email and text messages in its Business Associate Agreement
  • What a Health Care Provider must do if a patient does not agree to receive PHI in unencrypted emails or text messages
  • How Health Care Providers and Business Associates may prove they are compliant with the HIPAA Rules through documentation

The Policies and Procedures Health Care Providers and Business Associates must have in place to comply with HIPAA Rules concerning communication with patients through email and text message

Course Outline

Communication is key throughout Patient Attraction and Patient Engagement. This webinar will demonstrate effective ways to communicate while following the HIPAA Rules. This webinar also focus on HIPAA Rules for transmitting informational email and text messages to patients over an electronic communications network.

  • Patient Engagement Tips: Protect Patients Privacy and PHI, Build the Relationship
  • Policies and Procedures for your HIPAA Compliance Program
  • Social Media: Reviews, Testimonials, and Likes
  • Marketing & Patient Communication: Phone Calls, Emails, and Text Messages
  • Websites: What to Post and Not to Post
  • Portable Devices and Electronic Communications Network
  • How Health Care Providers and Business Associates can work together to avoid violating HIPAA Rules about email and text message communications with patients

Target Audience

  • This 90-minute overview will be of the HIPAA regulations surrounding the various avenues of social media. The course will benefit the following stakeholders:
  • Clinical Operations Staff 
  • Project Team Members
  • Marketing Officers
  • Regulatory Affairs
  • Practice/Office Managers
  • C-Suite Offices
  • Medical Professionals
Webinar Events
Live -Coming soon!

Training CD-DVD

Physical CD-DVD of recorded session will be despatched after 72 hrs on completion of payment

Premier price: $ 539 (save 10%)

Recorded video

Recorded video session

Premier price: $ 314 (save 10%)

Speaker: Paul Hales,

Paul Hales J.D, is an expert in HIPAA compliance law. Mr. Hales is a graduate of Columbia University Law School, licensed to practice before the Supreme Court of the United States, Federal Appellate and District Courts, and Missouri state courts. He specializes in compliance with HIPAA Privacy, Security, Breach Notification and Enforcement Rules and is the author of all content in The HIPAA E-Tool®, an Internet-based, complete HIPAA compliance solution for health care providers and business associates.