Is Twitter HIPAA Compliant?
by Amanda Larson
Twitter is one of the largest social media giants, filling the internet with 6,000 tweets per second. Seventy-five percent of B2B businesses market on Twitter, and many healthcare providers use the platform. That leads us to ask: Is Twitter HIPAA compliant?
This blog answers that question plus recommends best practices so you can tweet without breaking HIPAA privacy rules.
Founded in 2006, Twitter is a microblogging website, although it’s more commonly referred to as a social media platform. Twitter allows users to share short posts (no more than 280 characters) called “tweets.”
Since its launch, Twitter has grown to 330 million monthly users who send more than 500 million tweets per day. As Twitter says, you can “follow everything from breaking news and entertainment to sports, politics, and everyday interests. Then, join the conversation.”
Twitter is also the birthplace of the hashtag. By placing a # in front of any unbroken phrase, your words are linked to all other tweets which include the same #hashtag. This provides context for your posts and gives them longevity.
The business associate agreement and HIPAA compliance
If a business associate handles, stores, or in any way uses PHI for a covered entity, then a business associate agreement (BAA) must be in place. A BAA is a written contract between a covered entity and a business associate and is required by law for HIPAA compliance.
Is Twitter HIPAA compliant?
Twitter will not sign a BAA with covered entities. Twitter’s Terms of Service states:
“You are responsible for your use of the Services and for any Content you provide, including compliance with applicable laws, rules, and regulations. You should only provide Content that you are comfortable sharing with others.”
Healthcare providers can still use Twitter, but it’s up to covered entities to remain HIPAA compliant. That means never transmitting any PHI on the platform.
Conclusion: Twitter is not HIPAA compliant because it will not sign a BAA. However, covered entities can use it—as long as they do not share any PHI.
How medical professionals use Twitter
Healthcare providers, professionals, practices, and all sorts of covered entities are present on Twitter. More than 60% of doctors say that social media improves their patients’ quality of care.
There are many benefits to using Twitter for business. In fact, 85% of small and medium-sized businesses use Twitter to provide customer service. However, covered entities must steer clear of sharing any PHI on the platform, which limits the ways they can use it.
For example, while many businesses use Twitter for interacting with customers and addressing concerns or compliments publicly, this is dangerous territory for healthcare providers.
PHI according to HIPAA regulations is any piece of information in someone’s medical record that can identify the person. It ties a medical condition to an individual. Any personal detail linked to someone’s health condition automatically becomes PHI.
For example, patient name or email alone can be considered PHI if it is in any way associated with a healthcare provider—such as in responding to a tweet.
However, there are many other reasons that healthcare professionals can use Twitter safely, such as:
- Brand awareness: Twitter is a simple gateway to share information about your practice.
- Staying relevant: The platform is a smart place to discover what’s happening right now in your medical field. Follow trends, industry updates, and news to stay in the know.
- Educating the public: By sharing facts, case studies, and advice, you can educate your audiences and encourage healthier lifestyles, or even share helpful COVID-19 information.
- Humanizing care: Twitter is a platform to have fun and show personality.
There are countless medical-focused influencers on Twitter. These 50 healthcare Twitter influencers provide great examples of how to use the platform and grow your own following.
If you’re just starting out, follow other practices, hospitals, pharmaceutical companies, and other local businesses in your area for inspiration.
HIPAA violations on Twitter
Twitter is a great platform for medical professionals, but it can lead to HIPAA violations. Social media was the source of 56% of the 4.5 billion compromised data records in the first half of 2018.
One example of a HIPAA violation is when a Northwestern Medical Regional Group employee posted a patient’s records on Twitter. Although in this example the data leak was deliberate, many healthcare professionals release PHI accidentally.
SEE ALSO: The Complete Guide to HIPAA Violations
What not to share on Twitter
It is possible to use Twitter in a HIPAA compliant manner if you and your staff follow a few basic rules:
- Understand what PHI is and what data it involves
- Never post any information that can be interpreted as PHI
- Don’t post about a patient or any specific medical cases
- Don’t message patients through Twitter, including direct messages—instead, use HIPAA compliant email to contact individuals directly
SEE ALSO: Is Instagram HIPAA compliant?
What you can share on Twitter
According to Twitter, doctors can connect with patients, share interesting health-related content, and answer general questions (not about a specific person’s health condition).
You can also simply tweet your existing content. Break up your blogs, emails, and announcements into short, easy-to-read tweets. Your content will stretch farther on Twitter.
Next, engage. Join conversations, ask and answer questions, and get involved. Twitter is a platform for interactions; be sure to make them routinely—but again, without sharing PHI!
Be sure to discover and follow a few hashtags related to your industry or niche. Include images, videos, and even GIFs in your tweets too to increase engagement.
To boost your Twitter following, use a HIPAA compliant email newsletter to advertise your Twitter profile to your audience. Better yet, you can use Twitter to grow your email subscriber list too. It’s a win-win.
Paubox Marketing makes email campaigns like this possible while staying HIPAA compliant. Sending personalized marketing emails is easy because it allows you to include PHI directly in emails—no passwords or portals required.
When social media and HIPAA rules block your communication efforts, Paubox’s HIPAA compliant email is there to make it happen.