KEEP IT LEGAL A social media policy can help to keep your facility’s online presence and employees’ activities in line with patient privacy regulations.

Social media has revolutionized communication between healthcare providers and patients. It’s also sparked thorny legal and ethical concerns. Imprudent use of such online outlets as Facebook, Twitter and the like — not just by a facility or practice, but also by physicians, nurses, administrative personnel and other employees on their own — could violate federal and state laws, and adversely impact a business’s reputation. As a result, it’s important to be aware of the potential pitfalls of social media and to implement a policy governing its use.

Watch your step
A social media presence can be a powerful marketing tool and a useful adjunct to your patient care. The ease with which communication is facilitated online, though, leads many people to forget the possible missteps in electronic interactions.

Patient privacy is huge. Many of the issues that arise in the social media realm involve the confidentiality of patient information, chief among them the posting of photographs. The Health Insurance Portability and Accountability Act aims to shield individually identifiable health information that is held or transmitted by providers, in any form or media, from public exposure. Any photos (or other social media communications) in which a patient could be identified fall under these guidelines; state privacy laws may also apply.

HIPAA permits physician-to-physician communication of protected information for treatment purposes without patient authorization, but the lines of communication must be secure. Providers must always be aware of, and are responsible for, the safety and security of the sites in which they participate and must ensure any online discussion of a patient’s information is compliant with HIPAA and applicable state laws.

According to the Federation of State Medical Boards’ guidelines on social media use among providers (tinyurl.com/oagvc49), issued in 2012, “physicians may discuss their experiences in non-clinical settings, [but] they should never provide any information that could be used to identify patients. Physicians should never mention patients’ room numbers, refer to them by code names or post their pictures.”

Another social media concern involves the possibility that patients who have had less-than-optimal experiences at your facility or with your physicians and staff may post negative comments on your sites. Disgruntled patients are inevitable in any service-oriented field, medicine included, and cannot be completely silenced. An awareness of the workings of the sites in which you participate, however, such as the ability to block posts by unauthorized individuals or to filter what appears, could limit the impact of these comments.

MAKE IT ENFORCEABLE
Your Social Media Policy

Drafting and implementing a social media policy for your facility and employees can help to foster a culture of compliance with legal and ethical standards. Your policy, which you should periodically update to reflect changes in technology, should at minimum:

• complement HIPAA and your state’s privacy protection rules;
• define the social media applications at issue, so your employees know the policy’s reach and in what situations it is in effect;
• designate a social media officer who has the exclusive ability to access the facility’s or practice’s accounts, add content or make changes, and monitor potential privacy concerns;
• list examples of acceptable social media uses;
• set ground rules for permissible electronic communications with current or prospective patients; and
• establish disciplinary responses for infractions.

Many social media policies also include provisions that prohibit employees from disparaging their employer, under pain of termination. But the National Labor Relations Board, which has recently turned its attention to social media policies, holds that employees have a right to engage in “concerted activity” for the purposes of collective bargaining or to improve working conditions and/or terms of employment, and that it is protected speech, even in social media. Consult with qualified legal counsel to make sure that your social media policy is enforceable, and not a potential liability.

— Neda M. Ryan, JD

What is a doctor’s duty?
The FSMB’s guidelines emphasize the importance of recognizing and respecting the boundaries of the physician-patient relationship during online interactions with both current and prospective patients.

A physician must always be mindful of the risk associated with electronic communications. In the overview, when a physician and a patient have formed a relationship, the physician owes that patient a duty (the extent of which is usually prescribed by state law), and a breach of that duty could result in a medical malpractice claim or other negligence action if the patient sustains damages.

But it’s still a bit of a gray area as to whether this duty is limited to the confines of the healthcare facility, or whether it extends to e-mail or social media. This can be particularly dicey since it is difficult to ascertain the expectations and the full extent of a patient’s medical condition through electronic interactions.

Even more risky is when a physician is not yet formally treating a patient. Then, any online communications raise questions about whether a treatment relationship has formed, when it formed (after 1 e-mail? After 5 e-mails?) and at what point the physician owes a duty.

Each situation is fact-specific and each state has its own requirements for what constitutes a physician-patient relationship, so being aware of the fine line is critical when communicating electronically. Since these interactions, and the advice offered in them, may blur the line between patient and friend, individual providers are strongly advised to keep their professional and personal social networking accounts and content separate.