Time for a Social Media Policy is Now
Another Case Illustrates the Need for Privacy EducationPhysicians who use social media to discuss their work, even without naming patients, risk privacy violations, a recent case in Rhode Island clearly illustrates. The case is an eye-opener for all clinicians about social networking risks.
The Rhode Island Board of Medical Licensure and Discipline reprimanded Alexandra Thran, M.D., and ordered her to pay a $500 administrative fee and attend a continuing education course after she used Facebook "in a manner that inadvertently violated confidentiality," according to a consent order. The order found she was guilty of "unprofessional conduct" by revealing personally identifiable information to third parties, even though she never named patients she discussed on Facebook.
Westerly Hospital, where the physician practiced emergency medicine, terminated Thran's clinical privileges "because she had used her Facebook account inappropriately to communicate a few of her clinical experiences in the hospital's emergency department" the order states.
Although the physician never used patient names, "the nature of one person's injury was such that the patient was identified by unauthorized third parties," according to the order. Once Thran was notified of this, she immediately deleted her Facebook account and expressed her willingness to attend an appropriate continuing medical education course dealing with physician-patient confidentiality issues, the order states.
Social Media Misuse
The Rhode Island case is just the latest example of misuse of social media in healthcare. Late last year, a Georgia health system fired three employees and disciplined five others after a digital image of a male patient's pelvic region showed up on Facebook and was texted by cell phone (See: Social Media Policy: Lessons Learned).So what's the moral of the story? If you work at a hospital, clinic or other healthcare organization, make sure you have a social media policy in place that provides clear-cut guidelines. Then make sure everyone on staff, including physicians, is educated about that policy.
Many staff members likely are unaware of the subtle privacy risks posed by discussing unnamed patients on social media sites. It's time to make sure they're aware of all the social networking risks; and don't forget to offer frequent reminders. Otherwise, you'll run the risk of a health information breach, harm to patients and perhaps a fine for violating HIPAA.
Editor's Note: Sharon Finney, corporate data security officer for Adventist Health System, will offer practical tips on developing a social media policy in an upcoming HealthcareInfoSecurity.com webinar.