How To Keep Your Medical Spa Patient Privacy HIPAA Compliant

All medical providers are required to adhere to HIPAA requirements and regulations. This includes keeping your medical spa patient privacy HIPAA compliant.

Not adhering to these rules can be costly.

Your social media and website blog are great platforms to share and exchange information with patients. But before responding to comments about a patient’s medical spa experience, be mindful of how you respond. Ignoring your medical spa patient privacy has real consequences if your response is not HIPAA compliant.

Although HIPAA mostly deals with hospitals, health care providers, and insurers, the law is clear: all patient information must be kept confidential and secure. This applies to your medical spa patients because you are providing medical services.

While getting positive feedback is exciting, you should keep these important rules in mind when you respond.

Keeping Your Medical Spa Patient Privacy HIPAA Compliant

Oftentimes, patients write reviews and mention staff members by name. That’s perfectly legal and probably makes you feel good as the recipient. However, you cannot reciprocate and confirm their statement. Doing so acknowledges their status as a patient, and that is a HIPAA violation.

Instead, respond with a simple, heartfelt “your kind words are appreciated” or “thank you so much”. You cannot reveal what procedures the patient may have had (although your patients can). The idea is to respond politely without affirming your relationship to them. Saying “we’re happy you’ve been a patient for [procedure]” discloses sensitive, private information and makes your medical spa non-compliant with HIPAA patient privacy rules.

Providing Medical Advice

As a medical spa, you provide information about your products and services in an open forum online. But be careful how you answer patients’ questions.

For instance, during a discussion with a patient, a member of your medical staff accidentally refers to the person as a patient: “Of course, I recall your visit. You came in for [procedure] last year!” That response is non-compliant with HIPAA.

So, play it safe. If a question requires patient-specific detail, have them book an appointment so the conversation happens privately.

Maintaining patient confidentiality can be a difficult task, but you can make it less complicated for your online community. For example, remind your members that your blog, your social media pages and the internet in general are public, so everything they say and do there is visible to everyone.

With that reminder, your patients will be more conscious of the risks of publicizing information they may not want public, and hopefully more careful with their posts and comments. This in turn should make it easier to manage their content and avoid a HIPAA inquiry.

Managing Patient Photos

They say a picture is worth a thousand words. In this case, it could cost a few thousand dollars if your medical spa patient privacy is not HIPAA compliant.

Most medical spas display before-and-after photos to showcase their work. However, you need the patient’s written consent allowing your medical spa to use those photos. Moreover, showing just the body or blacking out the eyes does not guarantee anonymity. Don’t try to circumvent the rules; ask the patient for permission to use their photo.

Nothing is private online. This includes content posted with “only show to friends” or similar options on social media. By all means, use social platforms to promote your medical spa business, but do so with patients’ privacy in mind.

About the Author

Darrel Carpenter

Darrel is the Director of DevOps at Envisager Studio. He has 10 years of education, more than 20 years of engineering experience, and 3 decades of tireless tinkering. He’s responsible for all the infrastructure that powers our clients’ websites, emails and more. He is a member of Mensa. In his spare time, Darrel writes about servers, content management systems, cloud computing, web hosting, and more.