by Jason E. Lopata, Esq.
Facebook and other social networking websites are posing new ethical issues for physicians. Virtually every industry feels the impact of social media platforms like Facebook and Twitter, and healthcare is no exception. As physicians and providers discover the benefits of online marketing and learn to guard against the risks, practices must establish clear guidelines and procedures in how to use these new media. With questions such as “should I ‘friend’ my doctor on Facebook?” or “is it proper for a doctor to include information obtained online in a patient’s medical record?” there is much ambiguity as these new forms of communication and interaction become more widely used.
While many physicians may be using the technology like the rest of us, for keeping in touch with friends and family, the recent trend has shown that doctors are starting to use social media to reach out to consumers. Practices can introduce staff, highlight press coverage of the practice, offer general health advice, and share interesting links from around the web, all in an effort to interact with current patients and attract new ones. However, some doctors are also using the new media, such as Twitter, to bring patients’ families and the general public into the physician’s offices, sometimes providing operating room statuses and sharing step-by-step medical procedures. They may “tweet” real-time updates and videos as a way to reduce the fear factor of surgeries and educate people about the realities of certain procedures.
Yet, this raises major privacy concerns for the patient. Even with physicians making efforts not to release personal health information (PHI) through these social media (by not including full names of patients, only initials), questions arise as to the appropriateness of certain public broadcast of medical information. And with more patients having technology such as cell phone cameras and webcams, protecting privacy can be more challenging than ever before. The posting of unauthorized pictures or detailing embarrassing treatment stories are possible consequences of allowing Facebook “friends” to post on your practice’s “wall.” Therefore, practices must develop and implement safeguards across the entire practice – and this extends to the use of social media. A social media policy should be instituted by your practice so both physicians and staff understand what is acceptable use and communication.
So what does a practice need to be aware of before jumping into the social media deep end? In short, HIPAA, and its stated purpose of limiting the use of PHI to just treatment, payment, and relevant healthcare operations. Merely removing names and addresses from patient data will not suffice if such PHI is otherwise broadcast online. Instead, de-identified data (HIPAA specifies 18 “identifiers” that must be removed before PHI can be considered non-personal data) and limited data sets would better ensure confidentiality and the integrity of patient’s PHI. In light of the further restrictions to PHI found in the HITECH Act of 2009, practices face stiffer penalties, up to $50,000 for each violation, and must safeguard against unauthorized PHI disclosures in its use of social media.
Your best bet – DON’T use social media to tell about patients or their stories. Instead, keep posts limited to new information about your practice (such as new staff personnel, office hours, or changes to insurance requirements), articles and reading materials that your patients might find useful, and general information about specific ailments and their treatment.