Medicolegal Issues

The medicolegal considerations of interacting with your patients online

Author and Disclosure Information



Other forms of social media are also not secure
Similar concerns arise about texting and using Twitter by the second nurse. These activities apparently had been unknown to the physician, but the practice still may be responsible for her actions. These are insecure forms of communication and raise serious ethical and legal concerns.

Other social media pose confidentiality risks as well. For example, a physician was dismissed from a position and reprimanded by the medical board for posting patient information on Facebook,7 and an ObGyn caused problems by posting a nasty note about a patient who showed up late for an appointment.8 Too many patients may not understand that posting on social media is the equivalent of standing on a street corner yelling private information. Social media sites that invite the discussion of personal matters are an invitation to trouble.

Physicians are ethically obliged to protect confidentiality
Professional standards place significant ethical obligations on physicians to protect patient confidentiality. The American Medical Association (AMA) has an ethics opinion on professionalism with social media,9 as does the American College of Obstetricians and Gynecologists (ACOG).10 Another excellent discussion of ethical and practical issues is a joint position paper by the American College of Physicians and the Federation of State Medical Boards.11 Both documents focus attention on issues of confidentiality.

Physicians are legally obliged to protect confidentiality
There are many legal protections for confidentiality that can be implicated by electronic communications and social media. All states provide protection for unwarranted disclosure of private patient information. Such disclosures made electronically are included.12 Indeed, because electronic disclosures may be broadcast more widely, they may be especially dangerous. The misuse of social media may result in license discipline by the state board, regulatory sanctions, or civil liability (rare, but criminal sanctions are a possibility in extreme circumstances).

In addition to state laws regarding confidentiality, there are a number of federal laws that cover confidential medical information. None is more important than the Health Insurance Portability and Accountability Act (HIPAA) and the more recent HITECH amendments (Health Information Technology for Economic and Clinical Health).13 These laws have both privacy provisions and security (including “encryption”) requirements. These are complicated laws but at their core are the notions that health care providers and some others:

  1. are responsible for maintaining the security and privacy of health information
  2. may not transmit (even unintentionally) such information to others without patient permission or legal authority.14
  3. may not transmit (even unintentionally) such information to others without patient permission or legal authority.

A good source of step-by-step information about these laws is “Health information privacy: Covered entities and business associates,” on the US Health and Human Services website.14

HITECH also provides for notice to patients when health information is inappropriately transmitted. Thus, a missing USB flash drive with patient information may require notification to thousands of patients.15 Any consideration of the use of email or social media in medical practice must take into account the HIPAA/HITECH obligations to protect the security of patient health information. There can be serious professional consequences for failing to follow the HIPAA requirements.16

Dual relationships and conflicts of interest
In our hypothetical case, the office manager’s suggestion that the office use Facebook and their website to attract new patients also may raise confidentiality problems. The Facebook suggestion especially needs to be considered carefully. Facebook use is estimated to be 63% to 96% among students and 13% to 47% among health care professionals.17 Facebook is most often seen as an interactive social site; it risks blurring the lines between personal and professional relationships.9 There is a consensus that a physician should not “friend” patients on Facebook. The AMA ethics opinion notes that “physicians must maintain appropriate boundaries of the patient-physician relationship in accordance with professional ethical guidelines, just as they would in any other context.”9

Separate personal and professional contacts
Difficulties with interactive social media are not limited to the physicians in a practice. The problems increase with the number of staff members who post or respond on social media. Control of social media is essential. The practice must ensure that staff members do not slip into inappropriate personal comments and relationships. Staff should understand (and be reminded of) the necessity of separating personal and professional contacts.

Avoid misunderstandings
In addition, whatever the intent of the physician and staff may be, it is essentially impossible to know how patients will interpret interactions on these social media. The very informal, off-the-cuff, chatty way in which Facebook and similar sites are used invites misunderstandings, and maintaining professional boundaries is necessary.

Next Article:

Postpartum life-threatening strep infection

Related Articles