How to Ensure Online HIPAA Compliance in Website and Social Media Efforts


When it comes to managing protected medical information online, it’s important to ensure that you and your staff are properly informed about the ways in which protected health information can be disclosed. In the digital age, people increasingly use the internet and social media as a source of news and updates about the businesses they frequent, which is a point of concern for healthcare providers looking to protect the privacy of their patients. At Savvior - a leading Pittsburgh software company - we know that compliance with online regulations is important in maintaining the reputation and safety of your business, which is why we’re here to share some tips for ensuring online HIPAA compliance. Below we cover the type of information HIPAA protects, what data is considered an identifier of protected health information, and ways you can avoid online HIPAA violations yourself.

What is Protected Under HIPAA?

How HIPAA Impacts What Information Can Be Communicated


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the federal law that protects patient privacy and works to ensure the security of healthcare data. HIPAA requires that covered entities and their business associates protect nearly all individually identifiable health information. Covered entities include hospitals and doctors, health insurance companies, and healthcare clearinghouses, together with all of their business associates.

Designed to ensure the safety and privacy of patients across the United States, HIPAA places major restrictions not only on healthcare communication but also on the way transactions are completed electronically. This means that data storage and all communication with patients must be secure and private, which leads many healthcare and insurance institutions to turn to Pittsburgh software companies for solutions that maintain HIPAA compliance online.

But this privacy obligation isn’t limited to online portals and servers. HIPAA violations frequently extend to websites and social media because providers are not careful enough about information that is, in effect, broadcast to the world. Accidentally disclosing identifiable health information that has not been properly de-identified can lead to costly penalties and lawsuits, which is why it’s so important that these rules are carefully monitored and taught to employees at all levels.

What is Considered an Identifier?

Clear Descriptions of What Information Can Be a HIPAA Violation


There are many things that can constitute a HIPAA violation, but a large share of them involve the sharing of identifiable information. Some of this information may not look like an identifier on the surface. However, according to HIPAA Journal, the following information can be protected information under HIPAA:

  • Names

  • Geographic subdivisions smaller than a state

  • All elements of dates (except year) related to an individual (including admission and discharge dates, birthdate, date of death, all ages over 89 years old, and elements of dates (including year) that are indicative of age)

  • Telephone, cellphone, and fax numbers

  • Email addresses

  • IP addresses

  • Social Security numbers

  • Medical record numbers

  • Health plan beneficiary numbers

  • Device identifiers and serial numbers

  • Certificate/license numbers

  • Account numbers

  • Vehicle identifiers and serial numbers including license plates

  • Website URLs

  • Full face photos and comparable images

  • Biometric identifiers (including finger and voice prints)

  • Any unique identifying numbers, characteristics or codes

While some of these identifiers may seem unimportant on their own, combining them can easily build a bigger picture of the person whose privacy is being violated.

Tips for Maintaining HIPAA Compliance from a Pittsburgh Software Company

Follow These HIPAA Compliance Tips Online and on Social Media


As information is dispersed across websites and social media, certain aspects of HIPAA compliance extend beyond the scope of a Pittsburgh software company. However, when working with information as a healthcare provider or related entity, be sure to keep the following in mind:

  1. Situational data can sometimes be an identifier. If a patient was injured doing something unusually specific (like hurting himself at his landscaping business), be careful about exposing the nature of the incident.

  2. Never repeat or confirm protected information in a direct message. It’s easy to mistake a direct message for a ‘private’ message. While the conversation is limited to you and the other person, it is far from secure and private, so communicate any type of identifiable information only through secure portals.

  3. Obtain written permission for disclosure on ALL marketing materials. Because of the value that personal health information - such as a de-identified x-ray or CT - can bring to a company when used in an ad, any personal health information is protected by HIPAA when used for marketing purposes - even information that is non-identifiable! If you want to use this kind of information in marketing efforts, be sure to obtain written permission first.

  4. Use social media tools to ensure compliance. Social media management tools like Sprout Social allow you to establish approval workflows for social posts. This way, messaging can be fully screened prior to posting, giving you the chance to triple-check for any HIPAA violations.

  5. Instruct employees on online presence and HIPAA compliance. It’s your job as a company to do your due diligence in ensuring HIPAA compliance. Teach employees how to maintain privacy in tweets, Facebook statuses, and pictures posted from the workplace.

  6. Always check comments for potential violations. Even if you don’t leak private information, someone may post protected information in a comment. Whether it is their own information or someone else’s, respond via direct message to explain that the matter can be handled through a private portal, then delete the comment.
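As an added example (not Savvior’s code or any product’s tooling), here is a small pre-posting screener in Python that flags the machine-recognisable identifier classes from the list above so it could run as an automated gate in a post-approval workflow like the one in tip 4; the patterns and the two sample posts are constructed for illustration, and names, photos and situational details still need a human reviewer.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    category: str   # which Safe Harbor identifier class matched
    match: str      # the offending text
    start: int      # offset in the draft post


# Identifier classes from the HIPAA Safe Harbor list that can be spotted
# with patterns. Year alone is allowed, so bare years are not flagged.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\(?\b\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"\bhttps?://\S+", re.I),
    "date": re.compile(r"\b(?:\d{1,2}/\d{1,2}/\d{2,4}|\d{4}-\d{2}-\d{2})\b"),
    # ages over 89 are identifiers; 1-89 are not
    "age_over_89": re.compile(r"\b(?:9\d|[1-9]\d{2})[ -](?:year|yr)s?[ -]old\b", re.I),
    "record_number": re.compile(
        r"\b(?:MRN|medical record|account|member)\s*(?:#|no\.?|number)?\s*:?\s*\d{5,}\b", re.I),
}


def screen_post(text):
    """Return every identifier hit in a draft post, ordered by position."""
    findings = []
    for category, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            findings.append(Finding(category, m.group(0), m.start()))
    return sorted(findings, key=lambda f: f.start)


def approve_for_posting(text):
    """Workflow gate: a post is approved only when no identifier is found."""
    findings = screen_post(text)
    return (len(findings) == 0, findings)


# Constructed sample posts (hypothetical values, not real patients).
SAFE_POST = "Our clinic will be closed Monday for staff training. Call the main line for scheduling."
UNSAFE_POST = ("Thanks to John for his kind words! Stop by to see our 92-year-old patient, "
               "discharged 3/14/2024, MRN 0012345. Questions? Call (412) 555-0100 "
               "or email j.doe@example.com.")

if __name__ == "__main__":
    for post in (SAFE_POST, UNSAFE_POST):
        ok, hits = approve_for_posting(post)
        print("APPROVED" if ok else "BLOCKED", [(h.category, h.match) for h in hits])
```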

Think it’s time to tackle your business’s online HIPAA compliance head-on? Get in touch with Savvior - a leading Pittsburgh software company - to learn how we can ensure security and compliance for your company.