Handling private posts about the organization in HIPAA compliant way

Posted by Elizabeth Collins @ahecollins, Wed, Jun 10 7:07am

Scenario: A Facebook or Instagram user discusses a negative patient experience on their private timeline. That user has friends or followers that are Hospital employees. The employee screenshots the non-public post and sends it to our risk management team. Or, the employee decides (against our policy) to reply to the post as a Hospital representative.

Question: Is it a violation for thevemolpyee to screenshot the private post? Shuld the risk management team add the screenshot and scenario into our QDC system? For legal protection and to track with the care teams?
Also, correct me if I'm wrong, but we should not as a Hospital employees reply to a private post like that unless the Hospital is actually tagged in it, right?

Thank you for your help, I am working on updating our policies.

I think this one needs to be run by your attorney. It’s messy, and likely involves more than just HIPPA.


Hi Elizabeth, I agree with Matthew – it's best to speak with your organization's attorney about this scenario. In the past, I've received screenshots about our brand within private groups or private posts but would only share that information with our patient experience team to learn from it. I've never responded publicly to them. However, I have responded to private posts where the brand was tagged and misleading information was shared. My responses to those posts were always very generic – directing the person to our patient experience team or the PR department.

Liked by Nancy Jean

Please login or register to post a reply.