The Internet and social media have ushered in new ways of doing business. But as with so many other aspects of running a medical office, health care is different from any other business when it comes to an online presence. The sanctity of the physician-patient relationship can often be at odds with the openness, anonymity, and wide accessibility of the Internet and social media. Yet there are benefits to medical practices utilizing the Internet and social media to connect with patients. In this article, we’ll highlight the risk areas medical office managers need to be alert to when the practice considers utilizing the benefits of the Internet and social media.
Getting the word out
The benefits of medical offices using the Internet and social media are promoting the practice, connecting with patients, sharing general medical information with patients, and providing helpful follow-up to remind patients of appointments, treatments and healthy practices. The American Medical Association’s (AMA) Opinion 9.124 – Professionalism in the Use of Social Media highlights these benefits: “Participating in social networking and other similar Internet opportunities can support physicians’ personal expression, enable individual physicians to have a professional presence online, foster collegiality and camaraderie within the profession, provide opportunity to widely disseminate public health messages and other health communication.” So it’s worth considering an online presence for your practice. But do so knowing and preparing for the risks.
Risky business
In prior articles we’ve told you about the risks that personal activity of staff on social media can create for your practice whether conducted during work hours on the practice’s equipment or even on personal time away from the office. In this series we will focus on ethical and legal issues raised when your practice or its physicians and staff become professionally active on the Internet and social media for the benefit of the practice. This first part of this two-part series addresses activity relating to the physician-patient relationship and its formation and communication with patients via Internet and social media. In the second part of this series we’ll address the legal risks of marketing and promotional activities conducted online and in social media.
The AMA’s Opinion 9.124 arose out of the Report of the Council on Ethical and Judicial Affairs (CEJA) titled “Professionalism in the Use of Social Media.” That report explains that the Internet’s “speed of communication, reach, searchability, and the capacity for content to endure” impact the “scope of communication between physicians and patients” and the consequences of that communication. Here are a few “do’s” and “don’ts” you should keep in mind when considering how your practice will venture into the Internet and social networking world.
#1 Don’t share too much
With HIPAA hanging over your head, the acronym TMI, too much information, takes on new meaning. You don’t need to be reminded that patient confidentiality is critical and practices need to protect the privacy and security of their patients’ health information. But the Internet and social media present new HIPAA challenges for practices. When a medical office decides to use the Internet or social media for the benefit of the practice—to promote its services or connect with patients or other providers—the practice “needs to be very clear, it is only used for professional purposes and promoting and communicating information about the practice,” advises Susan Ziel, a nurse attorney and partner with Krieg DeVault, LLP in Minneapolis. Just as we warned in our article focused on staff using social media for personal use, it can be easy to inadvertently expose patient information if you are not vigilant about ensuring no details give enough information to identify a patient.
Clinical staff in a practice may use the Internet to communicate not just with patients but also with other providers to share experience and wisdom and ask questions. When doing so, information must be carefully de-identified and secure systems utilized. It can be very easy, however, to think information is de-identified when it’s not. Remember that HIPAA requires all 18 of the identifiers set out in 45 CFR 164.514 to be removed from the communication before it is properly de-identified.
Ziel also warns that a critical difference between communication via the Internet or social media and other media is that “you don’t always have the ability to confirm who you are communicating with.” This raises privacy and security vulnerabilities. HIPAA requires that you address those with measures designed to authenticate the communication and to protect the patient’s confidential information.
#2 Don’t replace the face-to-face
When a practice becomes active online and invites interactivity with patients and potential patients, the creation of physician-patient relationships must be considered. Licensing boards and state courts address when a physician-patient relationship is created but many ethical guidance documents indicate it should be established via face-to-face communication.
Email, social media, and other Internet connectivity shouldn’t replace that face-to-face interaction when establishing a relationship with a new patient. While email can be convenient and expedient, “when it begins to replace what should be a professional encounter that can be billed and documented,” warns Ziel, “these short cuts can become very disruptive, very quickly.” That’s because relying on online communication raises risk management and financial issues. Emails and texts and other Internet communication are not always recorded or documented and thus, can’t be tied to billable services, she explains.
#3 Do limit purposes for email and texting
Email and texting can be quick and convenient methods of communication. But beware when used in the health care context. “Email and texting and can very quickly end in a HIPAA violation,” warns Ziel, so she and her firm “advise clients to have some policy that sets safeguards for communication with patients or other third parties.” Some physician offices have a secure portal or encryption which is safer whereas unsecured emails or texts still can go through lots of hands, she adds.
Also, be aware that your state licensing board may have something to say about what your practice does on the Internet and how it connects with patients. For example, Ziel notes that Indiana’s medical licensing board permits certain email communications with patients but only after a formal relationship has been established by way of an in-office, face-to-face encounter that includes a signed email authorization form that also confirms the limited types of email communications that are permitted. Without these arrangements, “there is an ever-present risk that the emails will begin to replace the treatment related communications that should go on face-to-face or by telephone,” says Ziel.
Ziel also suggests that when sending out general email communications to patients you send it from an address to which the recipients cannot respond. If you don’t prohibit responses, you then have to worry about obligations to check for and respond to email responses. If you do allow patients to communicate by way of the authorized email communications, be clear about the limited purposes and the turnaround time that will be required for email responses, warns Ziel. For example, prohibit email from being used to report a change in a patient’s status.
Texting in particular raises big privacy concerns and practical issues as well. “Texting raises HIPAA concerns and there’s also no way to print or save,” explains Ziel. That makes it difficult to prove the communication actually happened if there are any issues later on.
#4 Don’t get too friendly
When physicians and staff communicate with patients online via social networking it’s important to ensure the communication stays professional. Ziel warns that staff and physicians need to be mindful of the physician-patient relationship and always remember “what hat you are wearing” when interacting with patients online. She explains that patients often become friendly with staff or their physician and invite them to “friend” them or otherwise connect or link with them online. This raises ethical and professional issues, she cautions. Every medical office should set policy with clear parameters about what relationship, if any, can continue with a patient outside the medical office.
Given the nature of the professional health care relationship, in addition to the confidential and sometimes even intimate information that is shared, all physicians and staff should avoid the development of personal relationships with their past or present patients, Ziel warns. The intimacy and closeness of online communication can easily move beyond a perceived friendship to include romantic or sexual interactions or even a harassment claim, Ziel warns. The CEJA report also cautions: “Online friendships with patients are particularly problematic because they may open the door to interactions (online or in person, romantic or otherwise) that are outside of the patient-physician relationship and lead to potentially problematic self-disclosure by both patients and physicians due to the disinhibition, belief of anonymity, and asynchrony of interactions online.”
In fact, the Federation of Medical Boards, the American College of Physicians, and the American Medical Association all caution against establishing any personal or friendly interaction with patients online. The AMA Opinion 9.124 requires physicians interacting with patients online to “maintain appropriate boundaries of the patient-physician relationship in accordance with professional ethical guidelines, just as they would in any other context.” To do that, the AMA Opinion advises “physicians should consider separating personal and professional content online.” The Federation of Medical Boards’ social media guidelines also advise that online communication with patients must always be limited to discussing treatment, and such communication “should never occur on personal social networking or social media websites.” The guidelines add that while online technologies can be useful “they can also be a distracter which may lessen the quality of the interactions” with patients.
Additionally, tell staff and physicians not to use their practice-based email address for personal use or personal interactions online. The Federation of Medical Boards’ guidelines warn physicians not to use their professional or work email addresses to log into social networking when conducting personal communications because others who see a “professional e-mail attached to an online profile may misinterpret the physician’s actions as representing the medical profession or a particular institution.” This warning is equally applicable to not just physicians but any staff of the practice.
Additional steps
Reporting bad conduct of others
Note that you shouldn’t put blinders on if you see other practices or health care professionals violating ethical guidelines for online and social media communications. The AMA Opinion 9.124 requires physicians who see colleagues posting unprofessional content to call the poster’s attention to that content so it can be removed and if it isn’t addressed, to report the posting to “appropriate authorities.”
Monitoring your profile online
People will post online information about your group, like it or not, says Ziel. Indeed, the AMA recognizes the potential risks and advises in Opinion 9.124 that “physicians should routinely monitor their own Internet presence to ensure that the personal and professional information on their own sites and, to the extent possible, content posted about them by others, is accurate and appropriate.”
Staying alert
The American Academy of Orthopaedic Surgeons’ Social Media Healthcare Primer recommends practices set up a Google Alert for the practice and its physicians and clinical staff so you can be alerted to what others are saying about the practice and its staff online in the provider ranking sites and other locations.
Sources
American Medical Association’s (AMA) Opinion 9.124 – Professionalism in the Use of Social Media (Issued June 2011).
Annals of Internal Medicine, Online Medical Professionalism: Patient and Public Relationships: Policy Statement from the American College of Physicians and the Federation of State Medical Boards, Jeanne M. Farnan, MD, MHPE; Lois Snyder Sulmasy, JD; Brooke K. Worster, MD; Humayun J. Chaudhry, DO, MS, SM; Janelle A. Rhyne, MD, MA; and Vineet M. Arora, MD, MAPP, for the American College of Physicians Ethics, Professionalism and Human Rights Committee; the American College of Physicians Council of Associates; and the Federation of State Medical Boards Special Committee on Ethics and Professionalism, 2013; Viewed at http://annals.org/ on 7-03-14
AMA Council on Ethical and Judicial Affairs (CEJA), “Professionalism in the Use of Social Media.”
The Federation of State Medical Boards, Model Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice
American Academy of Orthopaedic Surgeons, Social Media Healthcare Primer,
http://www3.aaos.org/member/prac_manag/Social_Media_Healthcare_Primer.pdf
