top of page

Beware of Social Media’s Friend to Foe Potential

Updated: Jun 26

For long-term care providers, social media looms as a threat.  In reality, unauthorized posts containing private information and embarrassing images can and do get out. However, there are vast differences in potential consequences for an organization, depending on policies and practices in place at the time of an infraction.

In the optimum scenario, you are disciplining or firing an employee for a policy violation, rather than scrambling to explain lapses in procedures, which could lead to lawsuits and fines under the Health Insurance Portability and Accountability Act (HIPAA). 

If you don’t have a social media policy already, that is the place to start in defining appropriate and responsible social media use by employees.  Policy requirements should be well communicated, and addressed in training, with all staff members signing a statement that they understand the rules and will abide by them. In addition, enforcement should include consequences.  

Here are points to keep in mind:

  • Only employees with written authorization may post to your organization’s official social media accounts. 

  • Information or images may be posted only if authorized by the individual or that person’s legal guardian. Authorizations should be specific to types of uses.  For example, a permission to use an image on a website does not mean you can also post that same image on Facebook, where it can be easily shared.

  • Employees must never post any information or images, relating to those you serve, to personal social media accounts.

  • Employees should never “friend” those you serve, or “like” their posts.  Doing so could link those individuals back to your organization, potentially resulting in a HIPAA violation.

  • Always allow an individual to revoke an authorization at any time.

In describing social media as a “danger zone,” the website of the University of Rochester Medical Center lists the exact type of “real world” privacy violations that happen, often with innocent intentions.  One example, in particular, illustrates the kind of slip that could mean trouble for long-term care providers: “Acknowledging that you cared for a patient/resident when a family member tags you in a post, e.g. ‘So glad we could get him home for the holidays.’”

Even if it seems unfriendly not to reply, the higher priority is upholding internal policy, federal requirements and the confidentiality due to those you serve. Good friends – and good organizations – keep secrets.

About the author:

Diane Evans is founder of Guarded Edge, which offers training and services on the application of the Health Insurance Portability and Accountability Act (HIPAA) within long-term care.  Diane can be reached at  Readers may access a complimentary Social Media Policy by visiting Or register for our upcoming course titled "Social Media Use: Marketing and HIPAA". This post was originally published on the Guarded Edge blog.

#social media usage in long-term care

17 views0 comments

Recent Posts

See All


bottom of page