Healthcare Practice Social Media Compliance Checklist

1. Content Creation & Approval

• Content reviewed for PHI and compliance with HIPAA/HITECH
• Obtain written patient consent before posting patient information or images
• Content reviewed/approved by compliance officer or team
• Avoid sharing identifiable case details or testimonials without consent

2. Social Media Account Management

• Access limited to authorized staff only
• Two-factor authentication enabled for all accounts
• Staff trained on social media policies and privacy requirements
• Account credentials tracked and updated regularly

3. Monitoring & Responding

• Monitor comments and messages for PHI disclosures
• Have a protocol to remove non-compliant comments promptly
• Redirect patient inquiries to secure/private channels

4. Branding & Disclaimers

• Include disclaimer: "Content for informational purposes only, not medical advice"
• Identify official accounts and brand assets clearly

5. Record Keeping

• Archive posts and engagement according to policy requirements
• Maintain records of consent documentation

Notes