HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos



Q&A: Patient stories on the internet

Email This Post Print This Post

Q: I've been struggling with HIPAA authorization requirements regarding website postings of patients' healthcare stories. If patients voluntarily post their stories on our Facebook or other social media sites, can we use those stories in other media, such as fundraising brochures, without obtaining specific authorization?

A: No. Even though patients sometimes post their stories on an organization's social media website, you should not use these stories for other ¬purposes without the patient's written authorization. Patients may be willing to share their stories publicly, but they may not want them used for other purposes, such as fundraising.

Mary D. Brandt, MBA, RHIA, CHE, CHPS, a nationally recognized expert on patient privacy, information security, and regulatory compliance, answered this question for the Briefings on HIPAA newsletter. Advice given is general. Readers should consult professional counsel for specific legal, ethical, or clinical questions.
Categories : HIPAA Q&A

Leave a Reply