Number 791 (Replaces Committee Opinion Number 622, February 2015)
Committee on Patient Safety and Quality Improvement
INTERIM UPDATE: This Committee Opinion has been updated to reflect content oversight by the Committee on Patient Safety and Quality Improvement.
ABSTRACT: Digital and social media quickly are becoming universal in modern medical practice. Data sharing, online reviews and ratings, and digital privacy concerns likely will become a part of most every physician’s practice, regardless of his or her use of social media. The widespread use of social media in the United States brings unprecedented connectivity that opens new horizons for physicians, ranging from interactions with patients, to communication with peers and the public, to novel approaches to research.
Some physicians are reluctant to engage in online communication with their patients or their communities because of concerns about liability and privacy laws. To date, little legal precedent exists in this area, and potential exposure to liability and negative repercussions from the use of social media can occur. This Committee Opinion will consider potential risk factors with the use of digital and social media technologies Box 1 and precautions that can be taken to protect against liability.
Digital media—forms of electronic media where data are stored in a digital (as opposed to analog) format. The term can refer to the technical aspect of storage and transmission of the information (eg, hard disk drives or computer networking) or to the end-product, such as digital video, augmented reality, digital signage, digital audio, or digital art. Web sites or web pages and social media often are considered a subset of digital media.*
Social media—forms of electronic communication, such as web sites for social networking and microblogging, through which users create online communities to share information, ideas, personal messages, and other content.†
Mobile media—forms of electronic media accessed through a mobile device, such as a smartphone or tablet. This term encompasses social media sites that users access through a device’s Internet browser or web-based applications (apps), as well as mobile device digital communication, such as text-messaging or short message service (commonly known as SMS).‡
Personal online profile—an online profile, commonly created in the context of a social media outlet, that personally identifies an individual and represents that individual in online communication. A personal profile often is directed toward family and friends, although in some cases it may be viewed by any online audience. Common examples of social media outlets that feature personal profiles include Facebook, Twitter, YouTube, and Spotify.
Professional online profile—an online profile, used in social media outlets, that pertains to a business, organization, or professional identity and that represents the entity primarily for professional purposes. Compared with a personal profile, a professional profile generally is directed to a public audience, such as an organization’s membership, business clients or desired customers, or a physicians’ group of patients. Such profiles may be used, for example, in social media sites, such as Facebook and Twitter, as well as professionally-oriented sites such as LinkedIn and Doximity.
*University of Guelph. Digital media. Guelph (ON): University of Guelph; 2006. Available at: http://www.uoguelph.ca/tss/pdfs/TBDigMedia.pdf. Retrieved August 27, 2014.
†http://www.merriam-webster.com/dictionary/social%20media. Retrieved August 27, 2014.
‡Kaplan AM. If you love something, let it go mobile: mobile marketing and mobile social media 4x4. Bus Horiz 2012;55:129–39.
Precedent for Online Exposure to Liability
Practitioners frequently express concern about exposure to liability when engaging in online communication with their patients, members of their professional community, or the broader online community. There is little legal precedent to inform recommendations for safe online communication. Nevertheless, existing legal principles and regulations that apply to in-person interactions apply equally to online activities. Specifically, Title VII of the Civil Rights Act (discrimination), the Americans with Disabilities Act, the Health Insurance Portability and Accountability Act (HIPAA), and general principles of tort law all still apply 1 2 3.
The Federation of State Medical Boards has issued a Model Policy Guideline, and many state medical boards have their own guidelines 4. Physicians should be aware of guidelines offered by their state medical boards, employers, and other professional organizations.
The legal definition of the patient–physician relationship is informed by statute and decisions in tort and contract law. However, the elements required to establish a patient–physician relationship under law differ among jurisdictions. It is not unreasonable to assume that in future litigation regarding the use of social media in medical practice, the broadest definition of this relationship will be adopted. Consequently, physicians should be cautious about providing medical advice online to someone who is not already a patient. For example, a Facebook “friend” may send a message to a physician on her personal page about a medical problem, and the physician may respond with a specific suggested intervention. Although this exchange is similar to one that may arise in an informal, in-person setting, there is now an electronic record that may be construed as establishing a patient–physician relationship. Physicians should not give specific medical advice online to those who are not already their patients.
Online Behavior and Risks
Online Communication With Established Patients
Online or digital communication between patients and physicians should follow the same guidelines that apply to all patient–physician communication: adhere to HIPAA guidelines and conform to the standards of professional behavior 1 2 3. Written, online communication may be permanently archived in the outpatient medical record. As such, unless the communication was secure (eg, password-protected), the online portion of the patient’s electronic medical record (EMR) also may be accessed by other clinicians in the same medical group or those who share the same billing code and EMR. Unlike discussions between physicians and patients in person or by phone, this portion of the EMR is fully discoverable in future litigation. This digital record creates an “audit trail” because most EMRs allow auditors to discover who has viewed, edited, or added to the medical record, including corrections that do not appear in the final document 5 6. Online communication with established patients, when included in the EMR and compliant with HIPAA guidelines, is generally a low-risk online behavior.
Online Communication Without an Established Patient–Physician Relationship
Physicians are reminded that they should be cautious about giving medical advice online to anyone who is not an established patient. It is strongly discouraged for physicians to answer specific medical questions online from those who are not patients.
Health Care Team Communication
Public communication about specific patients or work-related clinical events may violate the patient’s or practitioner’s privacy. Even posting online about a general event, such as a birth, should be avoided. When scrutinized in the context of an identified practitioner or hospital, the event can be traced back through public vital statistics data to a specific patient or hospital. Therefore, posting or blogging about specific events or cases is strongly discouraged. In many instances, such disclosure by way of an online posting is illegal under HIPAA regulations.
High-profile cases have involved plastic surgeons posting patient photographs on Instagram 7 and an obstetrician–gynecologist venting on Facebook about a patient who arrived late for her scheduled induction. Posting work-related content on social media, even if it is only intended for other health care team members, should be considered high-risk online behavior and is strongly discouraged. Health care team members who choose to communicate with each other using digital media (eg, to facilitate practitioner-to-practitioner handoff or collaboration), should use password-protected EMRs or encrypted sites, such as SharePoint. Any team communication should comply with institutional guidelines regarding use of electronic resources.
Maintaining a Professional Web Page
Web pages have become a standard form of communication for businesses, organizations, and professionals. All content on these pages reflects directly on the owner or organization. Physicians currently use professional web pages for a variety of services, from providing basic business information, to scheduling patient appointments, to offering medical news. Physicians who use a web page to offer medical advice potentially create a patient–physician relationship, which carries the same responsibility and liability of a face-to-face encounter. Physicians also should be familiar with the medical information and advice provided on web sites to which they refer their patients to ensure that the information is consistent with their own practice’s message and policies. Maintaining a professional web page is a low-risk, useful tool, provided physicians refrain from offering online medical advice outside the context of an established patient–physician relationship.
Maintaining a Professional Social Media Profile
Social media sites are fast becoming standard tools for professional practices. Sites such as Facebook and Twitter may serve as a substitute for a professional web page or as an auxiliary platform for other original content, such as a blog. Some sites, such as LinkedIn, are primarily designed for professional networking and may facilitate communication between employees and employers. The ability of social media sites to spread information beyond the capacity of traditional digital media makes them attractive tools for organizations and individual professionals.
However, the capacity to reach a widespread audience also carries the potential for unknown users to interact with the site and post undesired content, including comments or photos. “Tagging” is the practice of identifying another user in the context of a comment or photo posted online. Security settings can be set to ensure that your professional profile cannot be tagged by other users. You also can adjust security settings so that only authorized people can post as an administrator. Close surveillance of any professional social media page is recommended to ensure that any undesired content is discovered and addressed promptly.
Because you can establish strict security settings and boundaries on personal information when you use a professional social media profile, it is preferable to a personal social media profile for professional communication. It can be a powerful tool with low risk when maintained with close surveillance.
Maintaining a Personal Social Media Profile
Nearly 80% of U.S. adults use the Internet, and approximately 60% belong to at least one social networking site 8. An estimated 90% of U.S. physicians are engaged in social media 9. Thus, it is understandable that many physicians have personal social media profiles. Even if a physician chooses not to engage in social media, the widespread use of such sites highlights the importance of understanding new technology and new forms of communication.
A personal social media profile can be an enjoyable way to share life events, photos, and other personal news with close family and friends. However, posting personal information increases the risk that it will reach a larger audience. It should be understood that any content could become public material, even if it is only intended for trusted members of a group.
A personal social media profile can be considered a moderate risk if the physician allows large audiences of informal acquaintances to view personal information. This online activity may be regarded as a lower risk if personal content is only shared with close family and friends.
Personal Interaction With Patients on Social Media
As previously stated, consideration of what constitutes a proper patient–physician relationship applies equally to in-person and online interaction 6. A common example of a personal patient–physician online interaction is a “friend” request on Facebook. (Note that this example applies specifically to a personal social media profile and not a professional profile.) Instead of responding to personal “friend” requests, many professionals or organizations encourage patients to “follow” their professional social media profile 6 10. Examples of riskier personal patient–physician online interaction might include offering medical advice in online forums or sharing personal information through a personal profile on other social media sites such as Twitter or YouTube.
With regard to physicians’ personal social media profiles, a recent survey revealed that 75% of physicians declined an invitation to become online “friends” with a patient 11. Several medical societies have recommended that physicians not “friend” their patients, and instead refer them to their respective professional sites 10. However, the question of how physicians and the health care system should interact with patients’ personal digital and social profiles remains unsettled. Some professionals advocate for surveillance as a form of prophylaxis against catastrophic events, such as suicide, while others prefer to exercise their own discretion in interacting with patients in social environments, including online settings. As a principle, to ensure maintenance of appropriate patient–physician relationships, physicians using social media should observe the same ethical standards for online interactions as in-person interactions.
Online Physician Ratings
Physicians face a new arena for evaluation with the emergence of online physician ratings. These online physician ratings constitute a crucial component of any professional’s online profile or “digital CV.” Among the plethora of web sites that claim to offer online physician ratings, physicians may choose to participate with a select few that have been vetted for professionalism and accuracy of information 12. Physicians also may elect to engage with rating sites commonly used in business practice, such as Yelp, or invite patients to provide ratings and feedback on their professional social media profiles 13.
In any of these activities, it is imperative for physicians to understand and comply with the terms and conditions of the user agreement for these sites. Failure to comply with these terms and conditions, specifically regarding solicitation of reviews, can be the source of litigation for any business, including physician group and individual practices.
Physicians should be prepared to handle negative online ratings or reviews. Current literature reveals that most online physician ratings are positive 14. One physician group found that patient satisfaction and recruitment improved as a result of online physician ratings, including negative reviews 13.
Regardless of the content of the review, physicians are best served by monitoring, rather than ignoring, these online ratings. Inaccurate information in reviews should be presented to the host site promptly to allow for investigation and removal of inaccuracies, where appropriate. Additionally, in any response to a review, physicians should abide by the same code of professionalism and conduct that applies to other offline behavior.
Building Professional or Scholarly Networks Through Social Media
The powerful connectivity of social media can apply to dissemination of scholarly publications and products. In addition to conventional bibliometrics (citations and journal impact factor), scholarly works are increasingly referenced by the complementary evaluation of altmetrics—essentially a composite score of an article’s viral spread through shares on social media. Use of professional social networks affords researchers and professionals the opportunity to share their work across larger audiences of like-minded professionals, fosters the development of new collaboration, and offers a forum for online dialogue among remote colleagues 15 16 17.
Professional social networks also provide the opportunity for “closed networks” among professionals, where more specific dialogues and ideas may be shared without being easily accessed by a public audience. However, as with all content on social media, even in closed networks, physicians should exercise caution not to publish content that could be interpreted as offensive or inappropriate for mass dissemination. Provided that physicians follow the Code of Professional Ethics of the American College of Obstetricians and Gynecologists 18, the use of professional social networks can be a robust means of disseminating scholarly work and may be considered a low-risk, potentially high-value, online activity.
Digital and social media are not only acceptable for the modern practicing physician, but have become necessary elements for relating to patients and practicing medicine. Knowing how to monitor your digital presence and practicing low-risk behavior will substantially assist you in limiting your professional online exposure to liability.