Recently, MSNBC reported that a Rhode Island doctor is facing a $500 fine and must take a continuing education course after inadvertently revealing a patient's identity during a Facebook post meant to outline some of her clinical experiences. According to the article, the doctor did not directly identify the patient, but described his or her injuries in a fashion that allowed a third party to figure out the patient's identity.
In some ways, this is the perfect cautionary tale for hospitals and docs who, like everyone else, now reach their customers via tweets and status updates. Unlike some HIPAA breaches I've heard about—stories of medical students posting patient photos on Facebook abound—the doctor in question appears to have had no intent of making light of her patient's condition or exposing their identity. And my assumption is that the lightness of the penalty, doled out by Rhode Island's medical licensing board, reflects that lack of intent—although at least one of the hospitals where she has clinical privileges terminated those privileges following the incident.
But it does raise some concerns as hospitals and doctors increasingly market themselves on Twitter, Facebook and other social media vehicles, instead of through more traditional media and community relations outlets. Hospitals don't have much choice in the matter—every business is migrating from face-to-face interactions and exposure through newspapers and TV to real-time social media encounters with the general public, but I think some caution about the extent of exposure, and social media guidelines for staff, are imperative. My sense is that we're still in a period of unsettled chaos with Twitter, Facebook and other social media forms, and that eventually, informal and legal boundaries will begin to self-police what is still a young form of communication. Until then, tweet with caution.
Can HIPAA and other privacy protections remain meaningful—and enforceable—in an era where every action is tweeted and where we're all encouraged to share every detail of our professional and private lives? And does your hospital have a Facebook or Twitter policy to handle the pitfalls of social media? Email your thoughts to firstname.lastname@example.org.