Healthcare Information Security

Patient Privacy News

Physicians on social media must ensure patient privacy

By Patrick Ouellette

- For all intents and purposes, most social media platforms are still considered the “Wild West” for clinical staff members that have been tasked with engaging with patients regularly while respecting their privacy as well.  The Rhode Island Board of Medical Licensure and Discipline (BOARD) sought to end any confusion on the part of physicians as to what constitutes acceptable patient interaction on personal social networking sites when it released its Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice on October 23.

BOARD chose to release these guidelines based, in part, on a QuantiaMD survey of more than 4,000 physicians in September 2011 that reported 87 percent use a social media website for personal use and 67 percent use social media for professional purposes. In trying to help physicians avoid inadvertently compromising a patient’s privacy, BOARD has set standards for them in using social media.

- Protecting the privacy and confidentiality of their patients (Physicians have an obligation to prevent unauthorized access to, or use of, patient and personal data and to assure that “de-identified” data cannot be linked back to the user or patient.)

- Avoiding requests for online medical advice

- Acting with professionalism

- Being forthcoming about their employment, credentials and conflicts of interest

- Being aware that information they post online may be available to anyone, and could be misconstrued

BOARD reminded physicians to be aware that when communicating electronically, it’s difficult to verify that the person on the other end really is the patient. And, from the patient’s perspective, they may not be able to verify that a physician is on the other end. BOARD maintains that standards of medical care should not change if there’s a different medium in which physicians and their patients interact. In turn, BOARD discourages physicians from interacting with current or past patients on personal social networking sites such as Facebook.

Physicians should only have online interaction with patients when discussing the patient’s medical treatment within the physician-patient relationship, and these interactions should never occur on personal social networking or social media websites. In addition, physicians need to be mindful that while advanced technologies may facilitate the physician-patient relationship, they can also be a distracter which may lessen the quality of the interactions they have with patients. Such distractions should be minimized whenever possible.

BOARD also referenced social networking websites that may be useful places for physicians to gather and share their experiences and discuss medicine and particular treatments. It cited Doximity, a professional network with more than 567,000 U.S. physician members in 87 specialties, as being an appropriate forum of online discussion. BOARD said with Doximity, physicians can exchange HIPAA- compliant messages, but in general physicians need to ensure the platform they use is secure and that only verified and registered users have access to the information.

Lastly, physicians must be cognizant of federal privacy laws such as HIPAA.

While physicians may discuss their experiences in non- clinical settings, they should never provide any information that could be used to identify patients. Physicians should never mention patients’ room numbers, refer to them by code names, or post their picture. If pictures of patients were to be viewed by others, such an occurrence may constitute a serious HIPAA violation.

Note: Mintz Levin’s Health Law and Policy Matters blog originally posted on this news.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...