Social Media in Healthcare: A Slippery Slope

MedPro Group Patient Safety & Risk Solutions

February 25, 2021

Reading time: 11 minutes

“Social media” is an umbrella term that refers to websites and applications that facilitate electronic interactions and content sharing. Examples of social media include email, messaging apps, social networking sites, blogs, video-sharing sites, and more.

Widespread proliferation of social media in the United States and around the world has connected people in new and engaging ways that traditional forms of communication have not. The ability to quickly communicate and share information has shaped how people interact as well as their expectations related to those interactions.

Research shows that nearly 70 percent of U.S. adults use social media sites — such as Facebook, Twitter, Instagram, YouTube, Snapchat, LinkedIn, and Pinterest — and the typical American uses three of these networking sites.1 Because social media use is more prevalent with younger age groups, it is realistic to assume that its popularity and role in many types of communication will continue to grow.

In the past, healthcare was relatively slow to implement social media as marketing and communication tools, primarily because of concerns about violating patient privacy. However, as consumer demand has risen, and organizations attempt to find new ways to connect with patients, social media is becoming more of a mainstay for healthcare organizations of all types and sizes. Yet, with social media benefits come risks; leveraging social media for professional purposes can be a slippery slope, and its use in healthcare presents various challenges.

This article discusses opportunities and common risks associated with using social media for healthcare communication and delivery, and it also strategies that healthcare providers and their staff members can implement to reduce risks.

What Are the Potential Benefits of Social Media?

The use of social media can bring significant communication and educational benefits to both healthcare providers and consumers. Data show that 88 percent of physicians use the internet and social media to research medical information, more than half of physician practices have a Facebook page, and 80 percent of internet users who engage on social media are looking for health information (nearly half of which are searching for information about a specific doctor or healthcare professional).2

Many healthcare providers use social media to connect with professional groups and peers and to stay up to date with new information and research that might affect patient care and daily practice. Further, providers use social media to post educational content and other information for patients, to market and advertise services, and to enhance visibility and reputation.

For consumers, social media can assist with searching for new healthcare providers, keeping up with healthcare issues and concerns, finding support groups, researching alternative medications and side effects, tracking information from health apps, and more. Data from the Pew Research Center show that more than one-third of U.S. adults have used the internet to try to figure out a medical issue, and other research shows that social media tools influence the choice of a specific hospital, medical facility, or doctor for 4 in 10 people.3

What Are the Risks of, and Strategies for, Using Social Media?

Undoubtedly, social media offers various functions that may potentially enhance the dissemination of healthcare information and communication among healthcare providers and between providers and patients. But what about the risks? Like any type of technology, social media can create safety and liability issues if it is not used responsibly. Additionally, because social media changes rapidly, standards and best practices are not always well-defined.

To address these challenges, healthcare providers should be aware of the potential risks associated with digital interactions, develop detailed social media policies, and implement risk strategies to safeguard their patients and practices.

Maintain Privacy and Security

In healthcare, one of the most significant concerns related to social media is the need to maintain strict confidentiality and safeguard patients’ protected health information (PHI). This obligation is addressed in federal law and governed by the U.S. Department of Health and Human Services (HHS) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Many states also have laws related to privacy and security of patients? PHI — and these laws might be more stringent than federal laws.

Because the boundaries between appropriate versus inappropriate and personal versus professional use of social media can easily blur, managing privacy risks can be challenging. For example, numerous instances have occurred in which healthcare workers have posted pictures of, or details about, their patients on their professional or personal social media pages without patients’ consent. Regardless of whether these actions were intentional or inadvertent, they violated confidentiality and the patients’ privacy rights.4 The ECRI Institute explains that social media can elevate privacy concerns because these digital platforms “distribute information instantaneously to a wide audience and because, unlike verbal conversations, use of social media creates a permanent electronic record that is likely discoverable in litigation.”5

A number of risk strategies can help healthcare practices address privacy concerns related to social media. For example:

  • Do no post or publish any content on social media sites that contains identifying information (including photographs and testimonials) without the patient’s permission and written consent. The consent should explicitly state how the information will be used.
  • Consider prohibiting the photographic use of cellphones and other portable electronic devices (PEDs) as part of organizational policy.
  • Have someone who is familiar with HIPAA and state privacy regulations review social media content to ensure information does not violate patient confidentiality.
  • Train staff on HIPAA and state privacy laws, and educate them about the consequences of violating these regulations.
  • Ask staff members to sign confidentiality agreements, and maintain a signed copy of the agreement in each employee’s personnel file.
  • Be aware that responding to a patient post or review on a social media site might violate privacy laws.
  • Understand the technical limitations and terms and conditions of any social media sites that you plan to use. For example, information sent via messaging functions is likely not encrypted, and the site might maintain the right to access any personal information.

Taking steps to address privacy concerns by developing social media policies and implementing strategic safeguards can help protect patients and reduce liability exposure.

Establish Appropriate Boundaries

Social media can create a new dynamic in provider/patient relationships, and it also can generate potential problems. A position paper from the American College of Physicians (ACP) and the Federation of State Medical Boards (FSMB) titled Online Medical Professionalism: Patient and Public Relationships: Policy Statement, explains that “Use of online media can bring significant educational benefits to patients and physicians, but may also pose ethical challenges.“6

In speaking with HealthLeaders Media, Dr. Humayun Chaudhry, FSMB President and CEO, warned that “Anything physicians post on sites can be forwarded, taken out of context, and accessed and retrieved in perpetuity. That’s a fact that many physicians don’t always think about when they engage in social media.”7

Because social media is used for both personal and professional purposes, the boundaries between the two can sometimes become difficult to distinguish. However, healthcare providers generally should assume that their staff members and patients are likely using some form of social media, and anyone could potentially see social media posts that the provider or a staff member creates, as well as what anyone else writes about the healthcare practice on social media sites.

Because of these concerns about personal and professional boundaries, the ACP-FSMB paper advises providers to keep their personal and professional social media activities separate and to “comport themselves professionally in both.”8

For example, healthcare providers should not “friend” patients on Facebook or mix social relationships with their professional relationships. Instead, they should apply the same ethical principles that govern their traditional patient encounters to their online interactions with patients, including privacy and confidentiality standards.

Further, providers should be aware of the implications of offering online information that might be construed as personal healthcare advice. Doing so could inadvertently trigger a duty to care, and it also may pose patient safety concerns. Because of this, electronic media should include standard disclaimers and disclosure language that explain the nature of the communication (e.g., for informational purposes only) and caution users against interpreting the content as healthcare advice.

Develop Social Media Policies

Developing and implementing social media policies and guidelines are essential steps for managing risks associated with social technology. Include staff members in the initial planning and drafting of policies, and ask them to help identify and assess potential issues.

Key areas to consider when developing organizational social media policies include:

  • The practice’s goals and target audience for social media communication
  • Acceptable and unacceptable use of social media, with explicit examples
  • Who is authorized to develop and post social media content on behalf of the practice
  • The review and approval process for social media content
  • Standard disclaimer and disclosure language
  • The patient consent process
  • Terms of use for visitors on the practice’s sites
  • The process for reporting inappropriate use of social media

When developing these policies, keep in mind that social media is dynamic and constantly changing. To address this, create policies that are flexible and adaptable to new or changing social media technologies. Doing so will help avoid the need for constant updating.9

In addition to having policies for social networking websites (e.g., Facebook, Twitter, and Instagram), healthcare practices also should have written guidelines for the use of email and other types of electronic messaging, such as texting and portal communications.

The American Medical Association’s (AMA’s) Code of Medical Ethics outlines key strategies for managing electronic communication risks, which include:

  • Upholding professional standards of confidentiality
  • Maintaining privacy, security, and integrity of patient information
  • Notifying patients about the limits of electronic communication
  • Obtaining patients’ consent for using electronic communication prior to sending privileged information
  • Presenting medical information in a manner that meets professional standards
  • Being aware of laws that determine when a physician/patient relationship has been established
  • For more detailed information, see AMA’s Code of Medical Ethics Opinion 2.3.1 — Electronic Communication With Patients.10

The American Dental Association’s (ADA’s) guidance on electronic communication notes that while it can be beneficial, it can also “raise significant considerations.”11 Like the AMA, the ADA cautions that patients should be notified about, and accept the risks of, communicating electronically before such communication is used.12

When developing an electronic communication consent form, consider including the following information:

  • Types of services and information that are suitable for electronic interactions (e.g., nonemergent questions/concerns, prescription refills, appointment requests, etc.)
  • Criteria for establishing a provider/patient relationship
  • Notice of whether the electronic communications originating from the practice are encrypted
  • A statement notifying patients to contact emergency medical services if they are experiencing an urgent problem
  • The general turnaround time for responding to electronic communications
  • The right of the healthcare provider to refuse to make conclusions or decisions regarding treatment based on information obtained electronically

The electronic communication consent form should also include (a) a statement that the patient has read and accepted the policy, and (b) a place for the patient’s signature. The healthcare practice should maintain the signed release in the patient’s record.

Control Quality and Monitor Your Online Presence

Part of maintaining a professional presence online is monitoring the quality of information posted or sent on behalf of your practice. Information should be accurate, current, objective, and nonambiguous. Policies that establish who is responsible for developing content and how content is reviewed and approved will assist with quality control efforts.

Depending on the type of social media being used and/or the control settings, site users might be able to post content or comments to the practice?s social media pages. Understanding the types of media the practice is using and how users can potentially interface with it are important aspects of quality control.

Organizational social media policies should include a mechanism for monitoring online presence and managing negative, offensive, or inaccurate information. To ensure consistency with organizational policy, healthcare leaders or administrators might want to consider assigning one person to review external comments, posts, and responses and handle them accordingly. Keep in mind that comments and responses from staff members must comply with privacy standards.

Educate Healthcare Providers and Staff Members

Educating providers and staff members about how much and what types of personal and professional social media usage and tools are acceptable in the workplace is an essential risk management strategy.

A report from the Pew Research Center shows that the majority of workers use the internet and social media on the job for various personal and work-related activities.13 In healthcare settings, a significant challenge is instilling common sense and discretion regarding personal and professional use of these technologies. Organizational policy should define appropriate use of the internet and PEDs (such as cellphones and tablets). For example, the policy might require that employees turn off their personal phones during office hours and retrieve and respond to their messages during breaks.

Education about the practice’s social media policies, as well as discussions about the potential risks and liability issues associated with social media, should be included as part of orientation training and ongoing staff education. Providers and staff members also should be aware of the disciplinary actions for violating the practice?s social media policy.

In Summary

Social media can serve many useful purposes in healthcare by facilitating communication, enhancing information sharing, and promoting services. However, with these opportunities come challenges. Maintaining privacy and confidentiality, establishing appropriate boundaries, developing written policies, monitoring online activities, and educating providers and staff members should remain in the forefront of healthcare practices’ risk management strategies for social media. Further, as these technologies continue to evolve, healthcare practices will need to adapt to ensure a safe and respectful environment for patients, staff, and providers.


A byproduct of the social media boom is an increased number of websites that allow patients to provide online reviews of healthcare providers. Although many patients find these sites helpful in selecting or validating their provider choices, healthcare providers face challenges with responding to critical reviews. For strategies on addressing these situations, see MedPro’s Risk Tips: Managing Negative Online Reviews From Patients.

For a helpful tool, download MedPro Group’s social media checklist for healthcare practices.


  1. Pew Research Center. (2018, February 5). Social media fact sheet. Retrieved from; Smith, A., & Anderson, M. (2018, March 1). Social media use in 2018. Pew Research Center. Retrieved from
  2. Southern Medical Association. (2017, July 12). Social media & health care by the numbers. Retrieved from
  3. Fox, S., & Duggan, M. (2013, January 15). Health online 2013. Pew Research Center. Retrieved from; Brimmer, K. (2012, June 13). PwC report shows importance of social media to healthcare. Healthcare Finance. Retrieved from
  4. Ibid.
  5. ECRI Institute. (2011). Social media in healthcare. Healthcare Risk Control (Supplement A).
  6. Farnan, J. M., Sulmasy, L. S., Worster, B. K., Chaudhry, H. J., Rhyne, J. A., & Arora, V. M. (2013). Online medical professionalism: Patient and public relationships: Policy statement from the American College of Physicians and the Federation of State Medical Boards. Annals of Internal Medicine, 158(8), 620?627.
  7. Clark, C. (2013, April 12). ACP, FSMB issue stern guidance on social media. Retrieved from
  8. Farnan, et al., Online medical professionalism.
  9. ECRI Institute, Social media in healthcare.
  10. American Medical Association. Code of medical ethics opinion 2.3.1: Electronic communication with patients. Retrieved from
  11. American Dental Association. (2010). Dental records. Retrieved from
  12. Ibid.
  13. Lampe, C., & Ellison, N. B. (2016, June 22). Social media and the workplace. Pew Research Center. Retrieved from

Additional Practice Tips content

Practice Tips

Burnout in healthcare is rampant, and it is not limited to one clinical setting or a particular type of provider….

Practice Tips

Altering documentation in patient records can have serious consequences, including allegations of fraud and professional misconduct – and it also can…

Practice Tips

The quality, knowledge, and dedication of employees play a significant role in the success of any business or organization, including…

This document should not be construed as medical or legal advice and should not be construed as rules or establishing a standard of care. Because the facts applicable to your situation may vary, or the laws applicable in your jurisdiction may differ, please contact your attorney or other professional advisors if you have any questions related to your legal or medical obligations or rights, state or federal laws, contract interpretation, or other legal questions.

MedPro Group is the marketing name used to refer to the insurance operations of The Medical Protective Company, Princeton Insurance Company, PLICO, Inc. and MedPro RRG Risk Retention Group. All insurance products are underwritten and administered by these and other Berkshire Hathaway affiliates, including National Fire & Marine Insurance Company. Product availability is based upon business and/or regulatory approval and/or may differ among companies.

© MedPro Group Inc. All rights reserved.