Responsible Office: Institutional Compliance Office
Last Review: 04/01/2021
Next Review: 04/01/2024
Contact: Melanie Burlison, Privacy Officer
Related Policies: FI0160 – HIPAA Re-designation and General Policy
To establish guidelines for acceptable social media use to protect the privacy and safety of patients. This procedure applies to all social media sites whether it is a UTHSC site, a personal site, or whether commenting on other posts and sites.
UTHSC recognizes the value of on-line social media sites and blogs as vital resources to positively promote the University’s mission and values, operational goals, marketing and recruitment activities, as well as a forum for exchange of information by its workforce members. UTHSC will establish and maintain an organizational presence on popular social media sites in order to facilitate communication opportunities for patients, employees, faculty, staff, students, residents and other stakeholders in the communities served by UTHSC.
UTHSC strives to maintain the highest level of confidentiality of all patient personal health information. All patient information is strictly confidential and can be shared only with those who have a “need to know” according to their job duties and/or responsibilities. UTHSC patient information is provided solely for the purpose of conducting the business of the University. These guidelines are intended to ensure compliance with legal and regulatory privacy restrictions.
- Social Media or social networking refers to but is not limited to online networks such as Facebook, Twitter, Snapchat, and LinkedIn; Video/photo sharing websites such and YouTube and Instagram, and any other form of online publishing, including: blogs, discussion forums, newsgroups and email distribution lists.
- Workforce Members shall include all UTHSC employees, faculty, staff, students, residents and volunteers.
- Protected Health Information (PHI) is defined under Health Insurance Portability and Accountability Act (HIPAA) as all individually identifiable information that is created, transmitted, or maintained by a covered entity in any media-oral, written, or electronic (including images) related to the past, present, or future physical or mental health or condition of an individual. If the information is individually identifiable and is health information, then it is protected by HIPAA.
Social Media Guidelines
- UTHSC workforce members shall not sign up for personal accounts on social media (Facebook, Snapchat, Twitter, Instagram, blogs, or other types of social media sites) using their UTHSC email address. For personal accounts, use a personal email address as your primary means of identification.
- Do not post any UTHSC patient information (including but not limited to PHI, pictures or images) to social media sites or personal sites. This is prohibited even if the patient has provided authorization. Social media creates a potential risk of disclosing (inadvertently or otherwise) privileged or confidential information, including the identities of current or former patients. Alert your supervisor and/or contact the UTHSC HIPAA Privacy Officer if you see information posted by others that is confidential.
- You are personally responsible for your posts. The contents of social media posts because of one’s affiliation with UTHSC are not provided on the behalf of the University and do not express the opinion or position of the University. UTHSC workforce members engaged in personal and professional social media communications that reference UTHSC-related content should do so in a manner consistent with the University’s mission and values, administrative policies and procedures, and safeguards to ensure the privacy and security of patient health information.
- For UTHSC approved pages, including college and department sites – You should obtain a patient authorization that consists of a written and signed consent before you post UTHSC patient information (including but not limited to PHI, pictures or images).