The Security Scrutinizer with Howard Anderson

Time for a Social Media Policy is Now

Another Case Illustrates the Need for Privacy Education

Physicians who use social media to discuss their work, even without naming patients, risk privacy violations, as a recent case in Rhode Island clearly illustrates. The case is an eye-opener for all clinicians about social networking risks.

The Rhode Island Board of Medical Licensure and Discipline reprimanded Alexandra Thran, M.D., and ordered her to pay a $500 administrative fee and attend a continuing education course after she used Facebook "in a manner that inadvertently violated confidentiality," according to a consent order. The order found she was guilty of "unprofessional conduct" by revealing personally identifiable information to third parties, even though she never named patients she discussed on Facebook.

Westerly Hospital, where the physician practiced emergency medicine, terminated Thran's clinical privileges "because she had used her Facebook account inappropriately to communicate a few of her clinical experiences in the hospital's emergency department," the order states.

Although the physician never used patient names, "the nature of one person's injury was such that the patient was identified by unauthorized third parties," according to the order. Once Thran was notified of this, she immediately deleted her Facebook account and expressed her willingness to attend an appropriate continuing medical education course dealing with physician-patient confidentiality issues, the order states.

Social Media Misuse

The Rhode Island case is just the latest example of misuse of social media in healthcare. Late last year, a Georgia health system fired three employees and disciplined five others after a digital image of a male patient's pelvic region showed up on Facebook and was texted by cell phone (See: Social Media Policy: Lessons Learned).

So what's the moral of the story? If you work at a hospital, clinic or other healthcare organization, make sure you have a social media policy in place that provides clear-cut guidelines. Then make sure everyone on staff, including physicians, is educated about that policy.

Many staff members likely are unaware of the subtle privacy risks posed by discussing unnamed patients on social media sites. It's time to make sure they're aware of all the social networking risks, and don't forget to offer frequent reminders. Otherwise, you'll run the risk of a health information breach, harm to patients and perhaps a fine for violating HIPAA.

Editor's Note: Sharon Finney, corporate data security officer for Adventist Health System, will offer practical tips on developing a social media policy in an upcoming webinar.

About the Author

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
