Don’t Let PHI Become TMI
By Robert A. Pelaia, Esq., CPC
Significant progress in information technology has brought social media in health care to the mainstream. Consider these four examples:
1. According to its website, the Mayo Clinic recently launched a Center for Social Media with the intention of training physicians and hospitals to use Facebook, Twitter, YouTube, and other popular social media outlets. Mayo’s Center for Social Media claims the Mayo Clinic has “the most popular medical provider channel on YouTube” and more than 80,000 followers on Twitter, as well as over 25,000 Facebook friends. The Mayo Clinic even offers a special Twitter training camp, or “Tweetcamp,” where participants can be trained on using social media tools to improve health care, promote health, and fight disease.
2. Recently, physicians at Henry Ford Hospital in Detroit broadcast live surgical procedures via Twitter, a social-networking site, to give short, real-time updates (of less than 140 text characters each) about certain complex or unique procedures.
3. Nov. 8, 2010, the American Medical Association (AMA) adopted a new social media policy designed to encourage physicians to better manage their online presence while protecting patient privacy and maintaining professionalism. AMA policy acknowledges that social media outlets foster collegiality and camaraderie and provide opportunity to widely disseminate public health messages and other health communication. AMA policy also stresses the importance of appropriate conduct on social networks, the use of strong privacy settings, and the separation of personal and professional content online to preserve the integrity of the patient-physician relationship.
4. As an AAPC member, you have access to AAPC’s website, where countless questions are posted in discussion forums by coders throughout the country. These informative and educational postings often contain specific coding scenarios, diagnoses, and medical information.
Popular Avenues for Sharing Knowledge
Social networks and websites such as Facebook, Flickr, MySpace, Second Life, Twitter, and YouTube are popular avenues through which knowledge is shared, creativity is expressed, and connections are made. In addition to the Internet, cell phones frequently are used for text messaging and taking photos and videos. Such use is considered a catalyst of “social media” because these photos and video clips often are posted immediately on social media sites to share with others. Although there are many benefits to the social networking revolution and advantages to the use of social media in the health care environment, social media used in the health care world poses more risk than when social media is used in other industries. If you participate in these social networks, discussion forums, or blogs, it is important that you—as a participant in the health care delivery system—be careful to maintain the privacy and confidentiality of your patients and co-workers.
Consider HIPAA Appropriateness
Patients also may use social media while receiving services from a health care provider (e.g., a patient “tweets” from the operating room or takes pictures of the ultrasound monitor with a cell phone). To further complicate the issue, there is a debate on the appropriateness of health care providers using social media to relate medical advice or information with their patients (e.g., physicians and patients being Facebook friends).
Health care providers need to exercise extreme caution when giving patient-specific medical advice in an online environment because sharing thoughts publicly about a patient can easily turn into a Health Insurance Portability and Accountability Act (HIPAA) privacy breach. Unlike informal comments made at a casual dinner party, a tweet or a Facebook message leaves a permanent record of a potential privacy violation.
Privacy Policies Try to Keep Up with Technology
Social media is moving at such a fast pace that it’s impossible to address the many questions and issues that arise when providers and patients use it in the health care environment. Today, the trend is for health care entities to move towards adopting policies that attempt to regulate employees’ social media use. Some health care employers ban access to social media outlets or other personal Internet use while at work. Although it is difficult for health care employers to monitor employees’ activities on social media websites outside of work, there are a few basic “common sense” ideas to keep in mind when you enter the cyber world.
Protect Yourself and Patients
Use good judgment when participating in a blog or discussion forum, or when submitting content to a social media site. Embarrassing, obscene, or inappropriate material—including photos, videos, or written comments—that you submit to these sites may reflect poorly on you, your employer, or, worse yet, violate patient confidentiality and privacy. To protect yourself (and your patients and fellow employees), remember that cell phones with camera capabilities should not be used to take pictures of patients, regardless of whether the pictures are stored internally on a memory card or sent electronically to any social media or website. Taking unauthorized pictures or videos of patients is a violation of patient confidentiality and privacy.
Any information about a patient’s medical history, medical condition, demographics, diagnostic data or finances always is considered confidential and never should be shared in a social media outlet. If you submit a question on an AAPC discussion forum, make sure you do not disclose confidential or protected patient information. Such information should only be disclosed to authorized personnel in a manner consistent with state and federal law. Access and use of patient information and images must be provided only on a “need to know” basis to fulfill your professional job duties. Confidential patient information never should be shared when you submit content to any social media site.
You’ll Be Held Accountable for Your Actions
We have all heard horror stories about social media posts that contain just enough information to allow the reader to identify the patient’s identity. A quick online search reveals that the media is full of examples where health care employees were terminated or disciplined for using social media to post personal discussions concerning patients. You do not want to have this happen to you. The bottom line: If you use social media at all, even when you are not at work, always protect your patients’ privacy rights and always safeguard and manage patient information and images appropriately.
Disclaimer: Information published in this article is the personal view of the author and not that of the University of Florida. Information published in this article is not intended to be, nor should it be considered, legal advice. Readers should consult with an attorney to discuss specific situations in further detail.
Robert A. Pelaia, Esq., CPC, is senior university counsel for health affairs at the University of Florida College of Medicine, Jacksonville, Fla. Pelaia is certified as a Health Care Law Specialist by the Florida Bar Board of Legal Specialization and Education. He is also a member of the AAPC National Advisory Board (NAB).