When Matt Goldstein entered medical school at Stanford, his instructors warned him about keeping Facebook or Twitter pages, saying that social media activity could lead to violations of HIPAA patient privacy rules.
As he prepares to begin his residency, Goldstein has once again received the now familiar warning. "I actually just got an email from my residency program, and they cautioned us strongly about social media and about using it judiciously."
Medical students and physicians face the choice of either not using social media or using pseudonyms that only friends know in order to avoid violating privacy rules and to steer clear of inappropriate contact with patients.
"For me, something like Facebook, which started off as a really powerful social tool to interact with friends and colleagues, in some way became a concerning liability," Goldstein said.
Goldstein said his classmates either use online pseudonyms on Facebook, Twitter or LinkedIn accounts, or they have shut down their accounts for fear of unwittingly violating privacy rules. Many have switched to private professional networking sites, which allow them to discuss medical cases in professional forums, seek out colleagues for remote consultations and read up on the latest treatments and outcomes.
In a 2009 survey of deans at 130 U.S. medical schools published in the Journal of the American Medical Association, 60% of the respondents reported incidents of students posting unprofessional online content. Violations of patient confidentiality were reported by 13% of those surveyed.
Unintentional privacy breaches
It may appear obvious that medical students and physicians shouldn't post personal patient information on social networks, but it's not always that simple.
For example, two years ago, Dr. Alexandra Thran, a 48-year-old emergency room physician, was fired from Westerly Hospital in Rhode Island and reprimanded for unprofessional conduct by the state medical board for posting information about a patient online.
According to a board filing, Thran didn't post the patient's name, but there was enough information that other people could identify the individual.
"Folks get into trouble when they think they're not violating patient confidentiality because they don't put the name or put the age down, but you can actually go back and find out information if you know where the doctor works, know the date it was posted," said Dr. Bradley Crotty, chief medical resident at Beth Israel Deaconess Medical Center in Boston and an instructor at Harvard Medical School.
Physicians should approach posting on social networking sites in the same way they approach conversations in hospital elevators, Crotty said. It's simply forbidden to discuss cases in a public setting, whether physical or virtual.
The potential for medical professionals to get involved in inappropriate activity on social networking sites goes beyond doctors sharing information with colleagues, Goldstein said. Often, such cases don't involve a physician posting information; instead, it could be a situation where a patient is trying to make contact with a doctor.
"In some cases, that's nice; it seems to foster a connection between a patient and a physician. But I'm sure you can imagine that it can also be somewhat uncomfortable," Goldstein said.