OMG! Does Your Doctor's Facebook Status Violate HIPAA?
Co-authored by: Cory Fox
Recently, the Federation of State Medical Boards (“the Federation”) released its Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Guidelines”). The Guidelines are intended to address how physicians can utilize social media to facilitate patient care while still maintaining the privacy and confidentiality of patient information and the appropriate level of professionalism.
Social media usage, such as Facebook, Twitter, LinkedIn and blogging, has increased amongst healthcare providers. One survey indicates that 87% of physicians use social media websites for personal use and 67% use social media for professional purposes. Another study indicates that 35% of physicians have received friend requests from patients or their family members, and 16%of physicians have visited an online profile of a patient or a family member. The expanded use of social media raises challenging questions for healthcare providers, such as the extent to which physicians can share their work experiences online without violating the privacy and confidentiality of their patients and how to clearly delineate appropriate boundaries of professionalism. An analysis of physician blogs found that nearly 17% included enough information about patients to identify them. The Guidelines state that 92% of state medical boards have reported violations of online professionalism, including Internet use for inappropriate contact with patients, inappropriate prescribing, and misrepresentation of credentials or clinical outcomes. This conduct has serious consequences for physicians, with 44% of disciplinary actions from inappropriate Internet use resulting in medical license revocation.
To address these issues, the Guidelines recommend that physicians abide by the following standards when using social media:
- Candor: Physicians should disclose any information that could influence patients’ understanding or use of the information, products or services on any website offering health care services or information;
- Privacy: Physicians should prevent the unauthorized access to, or use of, patient and personal data and to assure that any de-identified data cannot be linked back to the user or patient; and
- Integrity: Physicians should ensure that the information contained on their websites is truthful, up-to-date, and supported by relevant clinical evidence when necessary.
The Guidelines use these principles to provide guidance on the appropriate use of social media and social networking in the following contexts:
- Professionalism: Physicians should:
- Use separate personal and professional social networking sites, profiles, and e-mail accounts and ensure separation between the two;
- Report any unprofessional behavior to the proper authorities; and
- Observe the same standards of ethical conduct online that would normally be observed offline.
- Medical Board Sanctions and Disciplinary Findings: State medical boards have the authority to discipline for inappropriate online conduct, including:
- Inappropriate communication with patients;
- Use of the internet for unprofessional behavior;
- Misrepresentation of credentials;
- Violations of patient confidentiality;
- Failure to reveal conflicts of interest;
- Derogatory remarks regarding a patient;
- Depiction of intoxication; and
- The use of discriminatory language or practices.
- Interacting with Patients: Physicians should refrain from interacting with past or current patients on personal social networking sites like Facebook, and never discuss information pertaining to the physician-patient relationship on personal social networking sites.
- Privacy/Confidentiality: Patient privacy and confidentiality must be protected at all times, especially on social networking sites. Physicians can discuss their clinical experiences but should refrain from including details that may identify a patient.
- Disclosure: Physicians may write online about their experience as healthcare professionals, but they must reveal existing conflicts of interest and be honest about their credentials as physicians.
- Posting Content: Physicians must realize that any information they post online can be disseminated without their consent to a huge audience. The content posted can often be taken out of context and remain online forever.
- Discussion of Medicine Online: While professional social networking sites designed specifically for physicians can be useful forums for medical discussion, physicians must ensure that the information exchanged on these sites remains confidential and that non-physicians do not rely on the online discussion as medical advice.
The Guidelines recommend that all healthcare providers implement policies and procedures addressing social media and social networking usage in accordance with these recommendations.