red balloon


Social media is not only enjoyable; it can actually be incredibly beneficial to the healthcare industry and patients alike. Assuming you avoid expensive mistakes in healthcare marketing related to HIPAA violations.

Should be common sense, but with the ease and convenience of web technology and social media, hasty mistakes are easy to make.

 Often times, there seems to be a disconnect; many healthcare professionals are quick to share protected health information online as part of sharing their days – information they’d never share with others outside of work. An innocent mistake could cost you, though, like this physical therapy provider. The practice added testimonials to it’s site, including patients’ full names and full face photos without HIPAA compliant written authorizations. The result is a $25,000 fine, and training and reporting requirements.

Good marketing idea, poor execution.

Marketing teams require specialized training to understand HIPAA, including:

+ documented social media guidelines (guidelines should also cover content that appears on your website and in external emails)

+ provide regular training at intervals, not just at new hire orientation; social media is always changing and so should your training

+ bonus: managers should have specialized NLRA training to handle complaints from employees, as social media posts may be considered protected concerted communications

red balloon specializes in developing social media guidelines and HIPAA compliance training programs for health care organizations, and we are here to help. Contact us today for more information at 480-270-5395.

healthcare professional using the computer

courtesy wikimedia

In 2011, a warning was given to a nurse for commenting on a blog post. It was a small-town newspaper site, and she used a nickname for the patient and the comment was a positive one. She never mentioned medical conditions or the name of the person. However, since it was a small town, other identifying factors made it clear who the nurse was mentioning. This violated the 18 personal identifiers listed by the Health Insurance Portability and Accountability Act (HIPAA) that must remain private. Just that easily, a well respected healthcare professional committed a HIPAA violation.

This is one of many examples of violations made online almost daily. In today’s world of sharing just about every aspect of our lives on social media, even the most innocent act can result in a HIPAA violation. It doesn’t matter if it’s shared in a positive spirit; there are civil and criminal penalties for employers and employees who divulge patient details without thinking.

So how do you protect yourself, your staff and your organization? Compliance officers know that new hires must undergo HIPAA compliance training. But are you offering refresher training for long-term personnel? And even better yet, training should be documented and it should be interactive (facilitate a dialogue and explain the material, discuss examples and consequences, don’t just hand written policies to new hires and ask them to read it).

A few important tips for training healthcare professionals to avoid HIPAA violations:

+ Keep personal and practice accounts separate.

+ Do not “friend” patients and clients.

+ Make sure everyone understands the 18 HIPAA personal identifiers, all which must stay private.

+ You do not have the right to take a photo of a patient on your phone, even under the happiest of circumstances. Just assume you cannot take any photos at all, with any camera, ever.

We all love to share our lives and what we are doing on social media (I know I do!), but in the medical field it is important to be discriminating, otherwise you could be facing civil and criminal penalties with just one click. A good rule of thumb is to never talk about any individual patient. Have questions about social media marketing or avoiding HIPAA violations? Contact me anytime at

I was asked recently to stop by the local Fox affiliate in Phoenix, Fox 10, to talk about upcoming tech trends for 2016. Predictions include tech tattoos, driverless cars, developments in artificial intelligence and virtual reality. And, one new item since the broadcast, we’re hearing rumors of needing to optimize for digital assistants (think Siri and Cortona) on the horizon. 2016 is going to be a fun year full of surprises for marketers! Enjoy. – Jenn

There are always changes taking place in the social media world, the past couple months have been no different. Check out this quick roundup of some of those changes on popular platforms Facebook, Instagram and Twitter. This article first appeared in our monthly newsletter – sign up here and never miss an update, and you’ll also receive our complimentary illustrated “Social Media for Executives at a Glance” guide by red balloon founder Jennifer Maggiore.

social media roundupFacebook When it comes to making changes Facebook is the front-runner. Users of personal profiles can now upload a short video avatar instead of static images… Doesn’t seem to be taking off yet… Marketers weren’t left out in the last round of updates. Facebook has introduced dynamic Local Awareness Ads for businesses with more than 5 locations. For example, if you have 5 restaurant locations and each has their own page, you can now run one set of ads which dynamically update text and contact info depending on where the consumer is. Related to this product, Facebook is also now offering insights on foot traffic around your business, learn more here.

Instagram Back in August, the site announced it would “think outside the box” by allowing users to post landscape and portrait images. Now you don’t have to choose which of your friends to crop out of your group shot! In all seriousness though, shape can drastically change the context of an image, so we think it’s a pretty cool move. The site also released an app update on Nov 10, which now supports iOS9, iPhone 6s and 6s+.

Twitter From the start, Twitter has encourage brevity by limiting the expression of our deepest thoughts to 140 characters. However, the Wall Street Journal says that may soon change, since the character limitation is actually based on 30 year old technology. Check that article out here.

London Clinic Reveals Identities of 700 Patients

Recently a clinic in London mistakenly revealed the identities of more than 700 patients with AIDS who’d signed up for an email-based appointment reminder service that included a monthly newsletter. The newsletter “To:” addresses were from an Outlook list, and were visible by anyone who received the email. As a result, there are two pending investigations into the incident and the clinic has suspended group email services.

Privacy issues should be a top concern for all marketers in this day and age, especially those working in digital marketing. And, obviously we’d be talking about a major HIPAA violation if this had happened here in the U.S. – it underscores the importance of not only training healthcare marketers in HIPAA laws, but requiring a high level of technical proficiency. While the article doesn’t say exactly how the email was sent, it’s easy to deduce that a secure third party email marketing service wasn’t used (like Constant Contact or MailChimp for example) which would’ve hidden recipients’ email addresses.

If you have questions about your organization’s marketing activities or social media compliance contact us today.