Social Media Policy Considerations
Risk Management

Social Media Policy Considerations for DCs

Social media sites such as Facebook, YouTube and LinkedIn are becoming more popular with DCs. But how do you avoid violating HIPAA or privacy regulations as you increase your social media presence?


Here are some helpful tips:

If the practice plans to have its own professional page on social media sites

Identify the types of content you would like to include. For example, general information about a specific condition and how chiropractic care can help. Your social channels should not give healthcare advice, provide treatment options or share sensitive health information. This includes not sharing photos of your patients.

Determine who will represent the practice in responding to social media questions. Designate who will access, monitor, provide and maintain the content. Decide whether updates will only be done during working hours.

Provide your contact person with training on public relations and social media usage. This can range from e-training to in-depth consultant training. Responding to hostile online reviews requires deftness and tact. In the heat of the moment, it can be easy to overreact and make comments that have to be taken down later, after damaging the reputation of the practice.

Consider contracting with an IT consultant to set up your initial security, check the practice pages for issues and monitor for breaches in security.

Address how inappropriate use of the site will be handled and identify the ramifications of noncompliance. For example: “unauthorized disclosure of PHI or inappropriate and/or unprofessional behavior will result in immediate termination of employment.” However, make sure your privacy policy is in harmony with your employment policies; workers have rights, too, and some attempt at remediation is often the correct thing to do.

If the practice plans to prohibit the use of social media and/or electronic devices

Identify who, what, when, where and how. Any devices that can text, photograph or video patients? All staff, patients, visitors and vendors? Make sure your policy notes any exceptions. For example, devices may be allowed in non-patient-care areas during designated breaks or in cases where a patient’s health and safety are in jeopardy.

Inform staff, patients, families and vendors about the policy and that everyone is expected to comply. Address the ramifications of noncompliance. For example, what disciplinary actions would be taken for noncompliant staff versus patients and family members?

Discuss with team members the importance of caution when sharing information on social media. Some people like to post their day-to-day frustrations on social media as a way to solicit support from friends. In the healthcare world, however, this is fraught with risk. Make sure your team does not share information or opinions about patients, even without names, on social media.

If the practice will train staff about potential HIPAA breaches through social media

Provide guidance to staff on what to avoid and what to do if PHI breach is suspected or confirmed.  


The information in the NCMIC Learning Center is offered solely for general information and educational purposes. It is not offered as, nor does it represent, legal or professional advice. Neither does this information constitute a guideline, practice parameter or standard of care. You should not act or rely upon this information without seeking the advice of an attorney familiar with the specific legal requirements of the state(s) in which you practice. If there is a discrepancy between the site and an insurance policy you have with NCMIC, the policy will prevail.