Protect Your Practice’s Social Media Accounts

Social media is a terrific way to reach out and stay in contact with your patients. However, the risks created by social media cannot be ignored. Individuals, and even major corporations, are having their accounts hacked and sometimes taken over entirely by the perpetrator.

What if someone got hold of your Twitter account? Your Facebook page? For an individual, this is an annoyance. For a HIPAA-covered entity, this could become a HIPAA incident, or worse, a breach.

Controlling access to your social media accounts is just the first step in ensuring their security, says Katie Lay of HIPAA Risk Management, a HIPAA security consulting company, and co-author of TMA's publication, HIPAA Security: Compliance and Case Studies. Most social media platforms now provide two-step verification (TSV) (also known as two-factor authentication). TSV requires two of three authentication factors: (1) knowledge (something you know), (2) possession (something you have), or (3) inherence (something you are).

An example would be using your debit card at an ATM. It requires your card (possession), and your PIN (knowledge). On social media platforms such as Twitter and Facebook, TSV also uses the knowledge and possession factors. You log in as normal, with your username and password. Once that is successful, you will receive a text on your cell phone giving you a unique code number that you'll use to complete the login process. Using this method, anyone trying to access your account would require the knowledge of your username and password, and would have to have physical possession of your phone.
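The two-step flow described above, sketched as an added example (not code from TMA, Twitter or Facebook): the password check only triggers a texted code, and the login completes only when that code comes back before it expires. The class name, the `send_text` callback standing in for an SMS gateway, the five-minute code lifetime and the three-guess limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a texted code
MAX_ATTEMPTS = 3         # assumed number of guesses allowed per code

class TwoStepLogin:
    def __init__(self, send_text, clock=time.time):
        self._send_text = send_text   # callable(phone, message); stand-in for an SMS gateway
        self._clock = clock
        self._users = {}              # username -> (salt, password_hash, phone)
        self._pending = {}            # username -> [code, expires_at, attempts_left]

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def enroll(self, username, password, phone):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt), phone)

    def step_one(self, username, password):
        """Knowledge factor. Success only sends a code; it does not log anyone in."""
        record = self._users.get(username)
        if record is None:
            return False
        salt, stored, phone = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_text(phone, f"Your login code is {code}")
        return True

    def step_two(self, username, submitted_code):
        """Possession factor. The code must match, be unexpired, and works once."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]
            return False
        if hmac.compare_digest(code.encode(), submitted_code.encode()):
            del self._pending[username]
            return True
        entry[2] -= 1
        return False
```

A stolen password alone gets no further than `step_one`, and a code that has been used, has expired, or has been guessed at too many times is discarded.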

Learn more about two-step verification and where you should be using it in this blog post.

For more helpful information about elements of a comprehensive HIPAA compliance program, HIPAA Security: Compliance and Case Studies is available in the TMA Education Center, along with other HIPAA-related CME opportunities.

Published Sept. 24, 2014


Last Updated On May 30, 2019
