Social media policy for healthcare employees

Communicating through social media offers opportunities and pitfalls to healthcare providers.

August 11, 2021

Article highlights

Nearly three in four adult Americans use social media, according to the Pew Research Center. They post and share information about their lives, and some of that inevitably touches on healthcare settings and situations.

This includes patients posting content about their health and treatment. For you as an employer, more relevant are those hospital employees who share information on social media about their work. This can be positive, such as by creating opportunities for organic social connection between the community and your organization. 

But social media and healthcare can be a bad mix. Imagine a situation in which someone posts a selfie that unwittingly includes a screen or chart containing protected health information. That would be a breach of HIPAA standards.

Because so much of life is lived online, it’s important to acknowledge the role that social media plays and to be proactive. This starts with a social media policy for your healthcare employees. In this article, we’ll explore the reasons why this policy is so important, look at some examples of social media policies at various health systems, and offer some tips on creating your own policy.

Just remember, your organization is already online whether you like it or not. By taking charge, you can make social media a more positive, helpful presence.

Importance of social media policy for healthcare employees

According to a University of Scranton study, the top five reasons healthcare employees post about their work on social media are:

  1. To share information with the community, such as recommendations to get flu shots
  2. By looking at competitors to seek out ways to improve
  3. To train personnel through forming discussion groups
  4. Sharing live updates on procedures, which is a controversial practice
  5. To communicate during times of crisis, giving critical information to the public

But, according to the study, these potential benefits also come with dangers.

“HIPAA sets guidelines that pertain to the protection and confidential handling of an individual’s health records. These guidelines have become somewhat of an issue in terms of social media. Healthcare professionals cannot directly address patients through these outlets as it violates the privacy and confidentiality regulations outlined by HIPAA. Other healthcare facilities are encouraged to implement strict policies and guidelines for what employees are allowed to post on social networking websites.”

HIPAA violations can bring serious consequences to your organization, which is why it is essential to have a strong policy to govern social media usage.

According to the National Institutes of Health, there are additional dangers surrounding social media and healthcare. These include:

  • Poor quality information: The internet is filled with unverified information from unreliable sources, including some designed to spread misinformation. A recent example of this is the spate of false articles intended to scare people out of getting a COVID vaccine.
  • Damage to professional image: Employees can unintentionally post unprofessional material that, if shared in the community, can create an image that reflects poorly on your organization. This can include poor work practices or controversial opinions that don’t match your organization’s values.
  • Breaches of patient privacy: As mentioned above, sharing any protected health information intentionally or otherwise is a breach of HIPAA standards. This can be as simple as communicating via social media with a patient, which would reveal that the patient is receiving treatment at your facility.
  • Violating the patient-healthcare provider boundary: Even if a patient initiates a conversation with an employee on social media, this can break standards. Studies have shown that patients often extend Facebook friend requests to their physicians, but most physicians do not respond. Most hospitals have rules stating that communication with patients should occur through official channels only.
  • Licensing issues: State medical boards have the power to revoke medical licenses for unprofessional behavior. This can include any unprofessional behavior that is revealed on social media.
  • Legal issues: Any healthcare provider that provides medical advice via social media could be opening up liability to potential lawsuits.

Healthcare social media policy examples

When considering the creation or updating of your own social media policy for healthcare employees, it is beneficial to use the existing policies of other organizations as a starting point. Let’s look at a few healthcare social media policy examples.

American Hospital Association

The American Hospital Association has available a sample healthcare social media policy. Here’s how they describe the purpose of it:

“In fulfilling the AHA’s mission and vision, the AHA uses Social Media to build relationships with the health care field, the media and the public. Our use of Social Media enables the AHA to communicate with and educate our various audiences about health care issues and trends as they affect hospitals and health systems, and to ensure that the perspectives and needs of the health care field are clearly articulated and understood.”

One important aspect of it is a statement that requires “civil discourse.” This is a standard of behavior for employees to follow the values and ethics of the AHA in their own social media interactions to “maintain a courteous, polite, and professional dialogue.”

It includes rules against bullying, criticizing or profaning others, or posting anything that is obscene or pornographic. 

A key standard to take away from it is that it creates an expectation that employees are representatives of the organization when they are on social media and will be held to those standards of behavior.

Union Hospital

Union Hospital has its hospital social media policy for employees available on its site as a PDF. The simple two-page document is a straightforward set of guidelines for employees. It specifies that this includes “forms of online publishing and discussion,” which covers blogs, wikis, file sharing, user-generated video, and social networks such as Facebook.

The policy includes language covering the ways in which employees can use social media while at work: 

“Employees may access Facebook during work time, exclusively during breaks or at the direction of management, for the sole purpose of viewing the Union Hospital Employee page. Employees are expected to act responsibly and in accordance with Union Hospital policies and procedures.”

The Union Hospital healthcare social media policy has clear and direct language regarding protected health information:

“Employees may not post any content that is personal health information including patient images on any social media site. You may not use the social media site to provide medical advice.”

National Institutes of Health

The NIH offers some guidance that includes a survey of commonly included items on social media policies for healthcare employees of several healthcare systems. It includes:

  • Keep content credible by sharing information only from credible sources
  • Refute incorrect information you encounter
  • Comply with federal and state privacy laws
  • Respect copyright laws
  • Do not connect with patients via social media. Instead, direct them to an official, secure means of communication
  • Do not give medical advice to nonpatients
  • Do not write about specific patients
  • Obtain patient consent when required
  • Be respectful when discussing patients
  • Use the most stringent privacy settings on each social media channel
  • Disclose any in-kind or financial compensation received
  • Identify yourself and your credentials clearly and identify whether or not you are representing your employer


Looking across each of these, one can see similarities that indicate best practices for healthcare social media policies.

Privacy: A first concern is taking every precaution to maintain HIPAA compliance and not identify patients in any way.

Respect: Healthcare employees are representatives of their organizations while they are online, and they should follow existing policies related to behavior and ethics.

Advice: Employees should not provide medical advice to nonpatients via social media, as this introduces the potential for legal liability.

Patients: Healthcare employees should not join the social media networks of their patients, and instead should direct patients to engage through official, secure channels.

Credibility: Employees should use diligence to make certain that any information they share on social media comes from a credible source, and that they are not spreading misinformation.

Defining your organization’s healthcare social media policy

While those social media policy for healthcare employees examples are a helpful starting point, it’s important to remember that each organization is unique, and so it’s important for you to consider the specific aspects of your healthcare operation that might need to be incorporated into your own social media policy.

In doing this, one good resource is our article Six elements of a good social media policy, which lays out the key aspects of a good policy, including:

  • Employee access
  • Use of official accounts
  • Conduct, oversight, and enforcement
  • Security
  • Disclaimers
  • Engagement

Special consideration needs to go to HIPAA privacy concerns. Some key points are to avoid any discussion of patients, even in general terms, speaking only generally about conditions and treatments, prominently posting your policies and procedures on all social media platforms, and not communicating with patients outside of official, secure channels.

Once you’ve created your policy, a final step is to distribute it to all employees and make sure that they have reviewed it and understand it.

Sharing your story

Social media can be an incredibly useful tool in connecting with the community, sharing emergency updates, and refuting health misinformation. But it comes with serious potential challenges.

You can be prepared for those challenges by proactively creating a social media policy for healthcare employees, making it clear and concise and addressing the key areas of concern listed above.

Remember, most of your employees and patients are already using social media, but according to our research 73% of healthcare organizations don’t have a social media policy. Without clear guidance, your employees could damage your organization by posting unprofessional information or even create legal liability by providing unauthorized medical advice.

Using the guidance and best practices listed above, you can protect your organization and give your employees a straightforward roadmap of how to conduct themselves online.

Now that you’re well versed on social media policies, you can check out our article 10 policies your healthcare organization needs to see other important policies and procedures for your facility.

Related Article

Footer CTA Image

How to write effective policies

How to write effective policies

Start writing better policies and procedures for your facility with this free 12-page guide.

Download Free Guide

Schedule a Consultation!

Everything you need to train, equip, and protect your public safety employees in a single system – from the moment they’re hired until they retire. Schedule a consultation to learn how PowerDMS can benefit you.