GREGG REISMAN, ESQLEGAL COUNSEL

366

Social Media: A Brave New World for Doctors

Stacey L. Gulick, Esq

The importance of social media isbecoming increasingly recognizedin the health care sector, and thereare now thousands of social mediaWeb sites devoted to health careissues. Nevertheless, tension con-tinues to exist as to how and forwhat purposes such social mediacan be used by health care provid-ers. Advocates of social media ex-tol its benefit, but privacy con-cerns, of both patients andentities, and other medicolegalconsiderations, continue to behurdles. In this article, I exploresome of the concerns and limita-tions that health care providersface in establishing social mediaWeb sites such as Facebook,Twitter, or individual blogs.

WHAT IS SOCIAL MEDIAOR SOCIALNETWORKING?

The definition of the term socialmedia is still evolving, with nosingle definition universally ac-cepted. There is, however, a com-mon theme that social media iscomputer or Internet-based com-munication that is “user gener-ated.” The term social networkingis used synonymously or as a sub-category to describe the exchangeof information among peoplewho have something in common(eg, friends who have shared Fa-cebook pages). Social networkingimplies greater interactivity be-tween participants. For purposesof this article, I use the term socialnetwork sites to include individualblogs as well as social network ser-vices such as Facebook, MySpace,Twitter, YouTube, and other

similar Web sites and services.

HOW ARE HEALTH CAREPROVIDERS USINGSOCIAL NETWORKING?

Although the potential uses of so-cial networking are limitless, someuses have already taken hold andbecome almost commonplace. Es-sentially, health care providers areusing the opportunity to dissemi-nate information to consumers as ameans of marketing (eg, branding)and fund-raising. For example, hos-pitals and surgery centers are nowposting live streaming videos or de-tailed Twitter descriptions of eachstep of complicated surgeries andother procedures. In one of the moreinnovative efforts, the Seattle Swed-ish Medical Center hosted what itcalled the first ever “sleep-up.” Theevent was an all-night live stream of apatient undergoing sleep disordertesting, with an associated Twitterquestion-and-answer session withphysician sleep specialists.

In addition, health care providersare using social media sites to com-municate and exchange ideas withstaff members. The use of social net-working as a means of training is be-coming more popular, and manyhealth care providers, especially inlarger health care provider systems,are using social networking to create asense of “community” among staffmembers (eg, using a blog to an-nounce awards or milestonesachieved by staff members).

HOW CAN HEALTH CAREPROVIDERS ADDRESSTHE CHALLENGESRAISED BY SOCIALNETWORKING?

The extent of the challenges and

potential pitfalls, legal and other-

0091

wise, of social networking are stillunknown. The following are someof the suggested steps that healthcare providers can take to protectagainst allegations of wrongdoingin connection with establishing asocial network site.

Control the Flow ofInformation

The first issue to be determined ishow information will be madeavailable (ie, how it will be posted).For example, when putting to-gether a social networking site, ahealth care provider should deter-mine if the site will be an interactivesite or simply a forum for the pro-vider to post information. Regard-less of this determination, thehealth care provider should clearlyidentify who, internally, can postinformation on the site on behalf ofthe provider and use technical safe-guards to ensure compliance. If it isan interactive site, a staff memberor outside agent should be assignedto continuously monitor the site forunacceptable posts by the public orstaff members. If the health careprovider uses an outside companyfor such purpose, there should beclear-cut guidelines regarding whattypes of posts the provider is willingto accept and allow to be posted.Nevertheless, a balance needs to bestruck in relation to oversight be-cause having too rigorous an ap-proval process results in an ineffec-tive site that fails to respond andreact to the fast-paced exchangesthat characterize social networking.

Protect Patient Privacy

A significant issue with social net-working is protecting the confiden-

tiality of patients. All too often, the

© 2011 American College of Radiology-2182/11/$36.00 ● DOI 10.1016/j.jacr.2011.02.010

Legal Counsel 367

complexities of these issues are notunderstood.

First and foremost, any time ahealth care provider posts the im-age, recording, or any individuallyidentifiable information about apatient on any publicly available so-cial network site, even if such site ismembership limited, the providermust obtain the patient’s authori-zation on a form that complieswith HIPAA; the Federal Sub-stance Abuse Confidentiality Re-quirements, as necessary; applicablestate and local laws; and the JointCommission, if the provider is aJoint Commission–accredited fa-cility. Even if the patient’s name isnot explicitly stated, but the patientwould be identifiable by the sum ofthe information provided, an au-thorization is necessary (eg, if aphysician describes an extremelyunique case on a social network sitesuch that people could identify thepatient, patient confidentialitycould be implicated).

The importance of this require-ment cannot be emphasized stronglyenough to all health care providersand their staffs, especially those au-thorized to post information on theproviders’ social networking sites. Ahealth care provider’s posting of a pa-tient’s image, name, or treatment in-formation as part of social network-ing, without patient authorization, isamong other things, a potential (1)HIPAA breach requiring patient no-tification, (2) violation of state crim-inal laws regarding protection ofhealth information, (3) violation ofstate health care licensure laws, (4)violation of state professional mis-conduct laws, and (5) violation ofJoint Commission and other accred-itation standards that could jeopar-dize accreditation or Medicare status.

Delving a little deeper into thisissue, a question arises as to whetherit is sufficient authorization if the

patient first discloses the individu-

ally identifiable information on asocial network site and the healthcare provider merely responds.There is little legal guidance on thisissue specific to social networking,but there is no exception underHIPAA that allows a health careprovider to disclose patient infor-mation merely because the infor-mation has already been made pub-lic, and state laws may be similar.This means that if a health care pro-vider responds to a post and dis-closes information about a patient,without the patient’s explicit au-thorization, the health care pro-vider is potentially exposing him-self or herself to censure, even if thepatient initiated the public com-munication. A better approach tothis scenario, for this and additionalreasons discussed below, is to an-swer specific questions in generalterms and recommend the patientcontact the provider in a more pri-vate setting.

There is also the concern regardingposting health information aboutemployees (eg, the birth of a baby orsuccessful recovery from a surgery),even on “internal” blogs. This type ofinformation, if known because theemployer is the health care provider,cannot be posted without the em-ployee-patient’s authorization. Em-ployee-patients cannot be treated anydifferently than other patients.

Avoid EstablishingUnwanted Provider-patientRelationships

Another important challenge thathealth care providers face when re-sponding to specific posts on a so-cial network site is walking the fineline between medical advice andmedical information. Once ahealth care provider gives specificmedical advice rather than moregeneralized medical information,the health care provider may be

deemed to have established a pro-

vider-patient relationship, whichincurs, among other things, theburdens of potential malpracticelitigation and violation of state li-censure laws if the provider and thepatient are in different states. If ahealth care provider’s social net-working site allows the provider toanswer patient-submitted ques-tions, the answers must be given inbroad general terms that do not cre-ate the appearance of diagnosing orgiving treatment instructions to thespecific patient. In addition, asnoted below, there should be cleardisclaimers that this is not medicaladvice and that readers should con-sult their own practitioners fortreatment options.

Include Disclaimers andGuidelines

Guidelines regarding use and contentof a social networking site should beclearly posted. A number of issuescould be addressed in such guide-lines, but the following are the mostnotable and consistently visible onhealth care social networking sites.Such guidelines should be sure to (1)clearly state the types of posts that areunacceptable, (2) indicate that thehost reserves the right to refuse or re-move posts, (3) caution participantsthat they are assuming the risk ofposting personally identifiable infor-mation about themselves, (4) empha-size that a provider-patient relation-ship is not being established by use ofthe site, (5) advise participants to seekpatient-specific advice from theirproviders, and (6) disclaim any harmas a result of the use of, or materialsposted on, the site.

Establish Internal Policies

For the purposes of a health careprovider’s own social network site,policies need to address, amongother things, appropriate content(eg, the heath care provider’s social

networking sight is not the place to

368 Legal Counsel

air employee grievances), who canpost, ramifications of inappropriateposting by staff members, and thespecific issues of patient privacy.

Internal policies should instructemployees to comply with applica-ble federal and state law. For exam-ple, the Federal Trade Commissionrequires employees to disclose theiremployment relationships if pro-viding testimonials about employ-ers. Other laws to consider in pre-paring such policies are InternalRevenue Service and state regula-tions regarding restrictions on lob-bying and political activity (if a tax-

exempt entity) and intellectual

property and copyright laws (eg,misuse of materials of others canlead to infringement claims).

Finally, internal policies are mean-ingless unless staff members receiveadequate training about such poli-cies. Recurring HIPAA trainingshould incorporate issues relating tosocial media, and all staff membersshould be instructed as to the healthcare provider’s requirements regard-ing social networking. There areother concerns that should be ad-dressed regarding employee posts onindependent sites during nonwork-ing hours, but such issues are not ad-

dressed in this article.

CONCLUSION

Although there are significant op-portunities offered by the cre-ation of social network sites, thepitfalls are also significant and notyet fully recognized. It may be un-desirable, or even unrealistic, toavoid the trend toward social net-working, but awareness of theconcerns and up-front steps toprevent wrongful use of socialnetwork sites could prove invalu-able. As the uses of social net-working expand, health care pro-viders need to keep abreast of this

ever-changing landscape.

Stacey L. Gulick, Esq, Garfunkel Wild, PC, 111 Great Neck Road, Great Neck, NY 11021; e-mail: sgulick@garfunkelwild.com.