I read 45 CFR 164.510 the same way. A detailed authorization specific to the PHI disclosure would be needed in each unique instance. On the one hand, the patient is self-disclosing so the Privacy Rule no longer applies. However, the FaceBook contract stating "You own the content you create and share on Facebook..." and "These guidelines apply if you create or administer a Facebook Page, group, or event, or if you use Facebook to communicate or administer a promotion," introduces this privacy risk on the part of the covered entity even as it's the patient doing the posting (but you own the shared content on your page.) I'm not a lawyer, this is just my opinion.
That aside, I'm struggling to see the value in having a FB page where patients can post anyway.