99MGMT Blog

4 Shockingly Common HIPAA Violations on Social Media Platforms

Posted by 99 MGMT on Nov 16, 2017 2:38:45 PM


According to Pharmacy & Therapeutics, 90% of physicians use at least one social media site for personal use. Over 65% use social media for professional purposes.

HIPAA violation penalties are the same whether the violation happens online or offline. Unfortunately, without physical cues and checks, it’s easy to share too much information.

Additionally, HIPAA specifies 18 types of patient info (aside from their name) that must remain private. Sharing any one of those 18 - accidentally or otherwise - is a violation of HIPAA.

Here are four of the most common social media HIPAA violations, plus some incredibly uncomfortable examples of violations.


4 Social Media HIPAA Violations That Are Shockingly Common

According to Healthcare Compliance Pros, there are four major breaches of HIPAA compliance on social media.

  1. Posting information about patients to unauthorized users (even if their name is left out)
  2. Sharing photos of patients, medical documents, or other personal information without written consent
  3. Accidentally sharing any of the above while sharing a picture of something else (e.g. visible documents in a picture of employees)
  4. Assuming posts are deleted or private when they’re not

The easiest solution? Keep strict policies in place for how employees can use social media.

You should have rules in place, BUT you shouldn’t cut off access completely - social media can hugely benefit your practice when used correctly.

4 Uncomfortable Examples of Social Media HIPAA Violations


A nurse treated a patient with a gunshot wound, who was also accused of killing a police officer. She expressed some less-than-savory wishes towards this patient on social media.

Although names were left out, she posted enough details about the incident that social media users could connect her post with news coverage of the situation. She was quickly fired.


A nurse contributing to a public blog wrote about a specific patient. Again, she didn’t use their name, but other details in her description made it relatively easy to figure out who she was talking about.

She received a warning, almost lost her job, and added a permanent mark to her reputation.


Two medical employees shared a screenshot of a patient’s name and STD diagnosis to a Facebook group. The group had 2,300 members, and there were unpleasant comments made about the patient and her diagnosis.

The patient sued for over $25,000 and the employees involved were fired.


A med tech posted on Facebook about a car crash victim. The post said, to quote, “Should have worn her seatbelt…”

This seemingly vague comment contained enough information to identify the patient. The med tech was then fired for a HIPAA violation.


Social media HIPAA violations are uncomfortably common, and can be difficult to predict or prevent. However, the consequences of compliance breaches remain the same. 

One way to prevent these violations is to get proper compliance training for your staff. Beyond that, if you're hesitant to use social media to promote your practice, healthcare social media management can help you capitalize on social media while remaining compliant.
