Social media sites like Facebook and Twitter have ushered in new ways for physicians to get in hot water. From malpractice to bad taste, here are a few cases to be aware of before you start posting any information about your professional life online.
No sooner did you join the social media revolution than you began to hear the doomsday warnings from the medical community. It’s not safe! It’s not secure! Don’t friend your boss or you could lose your job! It’s time for some straight talk about how physicians should, and should not, utilize social media.
For starters, let’s make sure that at the very least, your posts on Facebook, Twitter, LinkedIn, etc... are HIPAA compliant. You should know this standard by now, but it bears repeating: The HIPAA privacy rule protects, “all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper or oral.” You wouldn’t share a patient’s medical record with a stranger, and you wouldn’t publish a medical photo in a journal that included a patient’s date of birth or social security number. It should come as no surprise that all the same legal rules apply when you’re posting on your favorite social media site – even if your account is set to “private”.
That said, complying with HIPAA is just the beginning – the low bar. Social media has ushered in new and innovative ways for physicians to get in hot water, even when the patient is unidentifiable. Here are a few scenarios to avoid.
In April 2011, one Rhode Island emergency physician posted a message on Facebook about a trauma case she’d seen. The post was brought before her hospital and state medical board, and while the post itself was deidentified, and therefore not a HIPAA violation, it was determined that the context of the post allowed community members to potentially identify the patient. The EP was terminated from her hospital, reprimanded by the state medical board, had to pay $500 and agree to mandatory continuing education. Again, no HIPAA violation – the State Medical Board went outside Federal Law to justify sanctions.
What Privacy Settings?
In September 2009, SUNY Upstate Medical University investigated a posting of images of an open craniotomy on the Facebook account of a former neurosurgical resident. The images contained no patient identifiers, nor were there any insignias in the image that would link the patient to the university or the physician. The photo was posted in the physician’s “private” Facebook account and viewing was limited to approximately 260 of the physician’s “friends”. Nevertheless, word got out and a full investigation was initiated. SUNY declared the posting “reprehensible” and the New York State Department of Health was notified of the event. In this case the institution did not find a HIPAA violation, yet the physician was still reprimanded.
No Statute of Limitations
What happens in cases where no HIPAA violation has occurred and the “patient” is not even alive? In 2010, a Stony Brook University medical student made headlines by posting an anatomy lab photo of a fellow student giving a “thumbs up” next to a cadaver . . . taken four years earlier. The photograph was taken, posted online, then forgotten about until a complaint was filed. The institution dealt with the situation by forcing the student to make a public apology. There were no obvious patient identifiers and no HIPAA violation occurred. After Stony Brook learned of the photo, it announced a revised policy that bans all picture taking in the anatomy lab.
So what’s an emergency physician to do?
Simply complying with your institution’s social media policy isn’t enough anymore. You may have protected patient privacy, but depending on the context, postings can raise issues including malpractice liability, defamation, violations of ethics/moral conduct and professional responsibility codes; protected labor discussion, fraud and contract law. The safest approach is not to discuss patient matters online in a record that cannot be destroyed once created. Furthermore, most issues have stemmed where the only violation was offense to a community member. Emergency physicians serve the public and to a degree are at the whim of the communities they serve. Until case law changes to protects physicians’ postings online, we’ll need to be very careful about what we say online. How we navigate these waters as physicians could determine whether or not you have a job tomorrow.
Currently in the U.S., over 75% of adults go online and 15% of U.S. adults use their mobile device to access health related information. According to Pew research, of those accessing health related information, 25% read someone else’s commentary or experience about health or medical issues via an online news group, website, or blog,
Regarding physicians, a survey by QuantiaMD reported that 87% of physicians use social media for personal use and 67% use these services professionally. In the professional context, physician communities (28%) and the professional networking website LinkedIn (17%) were popular and in the personal context, Facebook (61%), YouTube (31%) and LinkedIn (19%) topped the list.
Brian Kloss, DO, JD, PA-C is an attending physician at the Syracuse VA Medical Center and is the Director of the EM Fellowship for PAs at SUNY Upstate Medical University.
Kael Duprey, MD, JD is a resident physician at Long Island Jewish Medical Center