Do you know that Instagram is not HIPAA compliant?

Instagram has repeatedly declined any offers of signing a business associate agreement (BBA) with covered entities. As a reminder the term “covered entities” encompasses Health Plans, Healthcare Clearinghouses, and Certain Healthcare Providers.* ⁠ ⁠

The BBA is a contract between a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a covered entity.** If a business associate is responsible for any of the handling or storing of PHI in any way, a BBA is required between the covered entity and the business associate by law.⁠ ⁠

What does this mean for you, as a healthcare provider? While you may still use the platform as a way to share information and communicate with clients, you must be extremely cautious to never share information that is considered protected health information. Since HIPAA was enacted before the ever-popular social media platforms launched, there are no HIPPA rules specific to social media. ⁠ ⁠

Below, I’ve shared a few ways that you and your team can ensure HIPAA compliance on Instagram. These include:⁠ ⁠

• Conducting frequent training on social media HIPAA compliance⁠

• Ensuring you and your team have a firm understanding of what the PHI constitutes under HIPAA regulations⁠

• Don’t post any information that could be interpreted as PHI⁠

• Reference your practice and clients in general terms, refrain from specifics⁠

• Address “all patients” rather than individuals⁠

• Do not diagnose or describe any prognoses, symptoms or courses of treatment⁠

• Do NOT use Instagram to message patients either privately or publicly regarding their treatments ***⁠ ⁠

More information than ever before is being shared by providers across social media platforms with concerns and updates regarding COVID. Ensuring updated team training regarding social media and HIPAA compliance is crucial. ⁠ ⁠

*Paubox⁠ **Hipaa Journal⁠ ***Paubox