LinkedIn is one of the largest social networks on the planet and a great place for professionals to connect online. Millions of healthcare providers are active on it. Does that mean LinkedIn is HIPAA compliant? We'll answer that question in the following post and also recommend precautions and best practices so you can use the platform confidently, effectively, and in a HIPAA compliant manner.
Founded in 2002, LinkedIn is the world’s largest professional network. It has expanded to 690+ million users in over 200 countries worldwide. According to LinkedIn , “You can use LinkedIn to find the right job or internship, connect and strengthen professional relationships, and learn the skills you need to succeed in your career.” There are over 30 million companies present on the platform, including millions of healthcare practices and medical offices.
The business associate agreement and HIPAA compliance
A business associate is a person or company that performs certain functions or activities that involve the use or disclosure of protected health information (PHI) for a covered entity. If a business associate handles, stores, or in any way uses PHI for a covered entity, then a business associate agreement (BAA) must be in place. A BAA is a written contract between a covered entity and a business associate and is required by law for HIPAA compliance.
Is LinkedIn HIPAA compliant?
LinkedIn will not sign a BAA with covered entities. However, this does not mean healthcare providers cannot use it. It simply means that covered entities must steer clear of transmitting any PHI via the platform.
Conclusion: LinkedIn is not HIPAA compliant because it will not sign a BAA. However, covered entities can use it—as long as they do not share any PHI.
How medical professionals use LinkedInThere are countless reasons that healthcare professionals use LinkedIn. Forty-six percent of physicians participate in social networking for professional purposes. But why? For starters, LinkedIn profiles work as extensive digital resumes. They allow medical professionals to share certifications, awards, and even write recommendations for other professionals. For individuals, LinkedIn is a powerful way to position yourself as an industry leader. It’s perfect for staying active in the industry and sharing expertise. But it’s also great for companies. Many healthcare organizations have a page for their businesses on LinkedIn. These company profiles allow you to:
- Connect your employees online to represent your team
- Encourage professionalism within your brand
- Position your practice as a leader in its field
- Share industry news and educate others on important topics
- Provide social proof for your business
Another reason to leverage LinkedIn is for improving your company's search engine optimization (SEO). LinkedIn is highly optimized by search engines like Google and probably ranks higher than your company's website. Your LinkedIn company and personal profiles, plus the content you write and share, will put your business at the top of web search results— especially if you optimize your page. Why does SEO matter? The higher your site(s) rank, the more traffic they will attract. That means more eyes on your business and more visitors to your website. Just be sure to include keywords in your content and follow other SEO best practices for LinkedIn. LinkedIn is also a great place to check out your competitors. Since you can research and follow medical facilities , you can keep an eye on competitive developments.
HIPAA violations on LinkedIn
As beneficial as LinkedIn can be, the platform can be a source of serious threats. The most obvious way a medical professional can violate HIPAA is by accidentally sharing a client’s protected health information ( PHI) . Be sure to avoid posting anything that includes any of the 18 PHI identifiers . A surprising way you could violate HIPAA is if you use your work email address for your LinkedIn login. Allowing LinkedIn to use this email might allow the platform to read, store, or modify your emails, even those with PHI. This is prohibited for healthcare providers!
SEE ALSO: The Complete Guide to HIPAA Violations
HIPAA compliance best practices for LinkedIn
HIPAA places limitations on what healthcare practitioners can say online. That means you should educate yourself and your staff with best practices for Linkedin and all social media.
SEE ALSO: Is Instagram HIPAA compliant?
To stay HIPAA compliant on LinkedIn:
- Understand what information constitutes PHI
- Never post any information that can be interpreted as PHI
- Do not disclose if a patient received any services
- Use broad terms to address “all patients” rather than addressing individuals
- Do not diagnose or describe any prognoses, symptoms or courses of treatment
- Use HIPAA compliant email to contact patients (or potential patients) directly—do NOT use LinkedIn to message patients either privately or publicly
Simply put: If a patient might be identified, don’t say it on LinkedIn!
How to be successful on LinkedIn
Fifty-nine percent of healthcare professionals find that LinkedIn is an essential marketing tool . You too can experience success with some basic marketing strategies , even if you’re just getting started. First, combine your social media strategy with other content marketing. This will help build your audience and amplify your message. Then, recycle the content that you produce. If you post on LinkedIn, consider repurposing that information into an email newsletter—and vice versa. A HIPAA compliant email marketing platform can amplify your brand online. Email marketing not only expands your reach, but it allows you to craft how others view you and your practice. You can use email marketing to advertise your social media pages and gain more followers.
Paubox Marketing makes email campaigns like this possible in a HIPAA compliant manner. You can send personalized marketing emails that include PHI directly to your recipients’ email boxes—no passwords or portals required. Read more about what sets Paubox Marketing apart from non-HIPAA compliant solutions (such as Mailchimp and Constant Contact ) here .