In recent years many health care providers and managers have told me, time and again, that the health care world is accustomed to managing confidential patient information, and therefore doesn’t need much in the way of social media training and policy development.  This week brings news that should make those folks sit up and take notice.  A physician in Rhode Island, who was fired for a Facebook faux pas, has now been fined by the state medical board as well.  The physician posted a little too much information on Facebook — information about a patient that, combined with other publicly available information, allowed third parties to identify the patient.  The details of the story are available here and here.

The key takeaway from this story — and the Johnny-come-lately approach to health care social media taken by the Rhode Island hospital in question and the Boston teaching hospital that the Boston Globe turned to for comment — is that prevention is the best medicine.

Facebook and other social media are a fact of life, and cannot be ignored by health care providers and organizations.  They can even be used as a force for good.  As one example, take note of the recently-announced initiative by my colleague, Dr. Val, to start up a peer-reviewed tweetstream, @HealthyRT.  At he very least, health care providers and organizations should be monitoring social media for mentions so that they can reach out, as may be necessary, to address health care and public relations issues.

HIPAA issues in the Rhode Island case led to sanctions — not by the federales or the state AG enforcing HIPAA — but by the medical board and the physician’s employer.  These sanctions, and the harm they are ineffectually seeking to remedy, may have been avoided entirely by some preventive medicine: health care social media policy and procedures development through an inclusive process that would create a broad sense of ownership and responsibility, combined with greater understanding and sensitization, across clinical and non-clinical staff.  Here’s hoping that health care provider organizations who are learning about these issues through the missteps of others are able to take proactive steps to avoid receiving this same kind of negative publicity themselves.

David Harlow writes at HealthBlawg, a nationally-recognized health care law and policy blog. He is an attorney and lectures extensively on health law topics to attorneys and to health care providers. Prior to entering private practice, he served as Deputy General Counsel of the Massachusetts Department of Public Health.

Share on Twitter

11 Responses for “Facebook Misstep Costs RI Physician Fine, Job”

  1. Social media can be enjoyable for healthcare, physicians and the like. HealthTrain Express has been writing a series of articles, guidelines and sources for those interested in social media. There are 3 parts thus far;

    http://healthtrain.blogspot.com/2011/04/medical-social-media-in-real-world.html

    http://healthtrain.blogspot.com/2011/04/dual-citizenship-for-social-media.html

    http://healthtrain.blogspot.com/2011/04/social-media-in-medicine-iii.html

    Included are some health institution social media sites and also an article on social media guidelines.

  2. BobbyG says:

    That’s pretty interesting.

    None of this is exactly news (beyond the perils of yacking too much on social media). Google “Latanya Sweeney,” the ONC HIT Policy Committee PhD from MIT. She’s famous for her published assertion (in Scientific American, no less, IIRC) that all she needs is your DoB, ZIP code, and gender to have about an 80% chance of ID’ing you (I don’t totally buy that).

    Back in the early 1990′s when I was first working for HealthInsight, doing outcomes analyses using mostly Medicare Part-A claims data, we were cautioned even then about the potential for “re-identifying” ostensibly de-identified data, particularly in rural areas. e.g., publish something relating to “a 49 yr old divorced mother of two with HTN and DM residing in Nye County NV” and someone can quickly figure out exactly who that is.

  3. David Harlow says:

    The doc in this case probably complied with the HIPAA “safe harbor” of removing the 18 identifiers noted in the rule, but removing these worked as de-identification, if at all, only in a brief period following the promulgation of the rule. The rule also provides that de-identification in this manner works only if “the covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.” 42 CFR 164.514(b)(2)(ii). These days, nobody can disclaim knowledge of the fact that information de-identified by removing this cookbook list of 18 identifiers may be re-identified by cross-matching data with other publicly-available data sources. There are a number of reported instances of this sort of thing happening. The RI case is only the latest.

    The policy question raised by all this is whether we collectively care enough about privacy and security to ratchet up the regulatory and technical protections, or whether, instead, we are OK with lowered privacy and security standards because they can enable information-sharing leading to improved health outcomes, and disclosures such as the one affecting the RI patient are acceptable “collateral damage.”

  4. Diane Feyes says:

    The use of social media has become a very active part of our lives. Much good can result from many health care facilities participating in facebook and tweeting to improve the community’s health through further education. But organizations need to be proactive in developing policies and procedures in using social networking in the professional arena. The problem often comes in the personal side of social networking. It is often here that as staff vent about the stresses that occur during the course of the day that unintended breeches in confidentiality of the patients can happen. Again organizations must be proactive and raise awareness through education. We have continuous HIPAA updates through the course of the year and need to include education of how to use social networking appropriately for the health care worker even for personal use. Unfortunately the doctor from RI is not the only person to have lost their job because of something posted on facebook. We need to keep this in the forefront of all health care workers in order to keep patient information confiential.

  5. leed exam says:

    No matter if some one searches for his required thing,
    therefore he/she wishes to be available that in detail, so that
    thing is maintained over here.

  6. Excellent post, I will be checking back regularly to look for updates.

  7. This website has some very helpful info on it! Cheers for helping me.

  8. Thank you for producing the powerful, dependable, educational and as well as easy tips about your topic.

  9. Very interesting details you have noted , thanks for posting .

  10. Just desire to say your article is as astonishing. The clearness in your post is simply nice and i can assume you’re an expert on this subject. Well with your permission allow me to grab your feed to keep up to date with forthcoming post. Thanks a million and please carry on the enjoyable work.

  11. The color of your blog is quite great. i would love to have those colors too on my blog.

Leave a Reply

THCB BLOGGERS

FROM THE VAULT

The Power of Small Why Doctors Shouldn't Be Healers Big Data in Healthcare. Good or Evil? Depends on the Dollars. California's Proposition 46 Narrow Networking
MASTHEAD STUFF

MATTHEW HOLT
Founder & Publisher

JOHN IRVINE
Executive Editor

JONATHAN HALVORSON
Editor

JOE FLOWER
Contributing Editor

MICHAEL MILLENSON
Contributing Editor

ALEX EPSTEIN
Director of Digital Media

MICHELLE NOTEBOOM Business Development

MUNIA MITRA, MD
Clinical Medicine

Vikram Khanna
Editor-At-Large, Wellness

THCB FROM A-Z

FOLLOW US ON TWITTER
@THCBStaff

WHERE IN THE WORLD WE ARE

The Health Care Blog (THCB) is based in San Francisco. We were founded in 2004 by Matthew Holt and John Irvine.

MEDIA REQUESTS

Interview Requests + Bookings. We like to talk. E-mail us.

BLOGGING
Yes. We're looking for bloggers. Send us your posts.

STORY TIPS
Breaking health care story? Drop us an e-mail.

CROSSPOSTS

We frequently accept crossposts from smaller blogs and major U.S. and International publications. You'll need syndication rights. Email a link to your submission.

WHAT WE'RE LOOKING FOR

Op-eds. Crossposts. Columns. Great ideas for improving the health care system. Pitches for healthcare-focused startups and business.Write ups of original research. Reviews of new healthcare products and startups. Data-driven analysis of health care trends. Policy proposals. E-mail us a copy of your piece in the body of your email or as a Google Doc. No phone calls please!

THCB PRESS

Healthcare focused e-books and videos for distribution via THCB and other channels like Amazon and Smashwords. Want to get involved? Send us a note telling us what you have in mind. Proposals should be no more than one page in length.

HEALTH SYSTEM $#@!!!
If you've healthcare professional or consumer and have had a recent experience with the U.S. health care system, either for good or bad, that you want the world to know about, tell us about it. Have a good health care story you think we should know about? Send story ideas and tips to editor@thehealthcareblog.com.

REPRINTS Questions on reprints, permissions and syndication to ad_sales@thehealthcareblog.com.

WHAT WE COVER

HEALTHCARE, GENERAL

Affordable Care Act
Business of Health Care
National health policy
Life on the front lines
Practice management
Hospital managment
Health plans
Prevention
Specialty practice
Oncology
Cardiology
Geriatrics
ENT
Emergency Medicine
Radiology
Nursing
Quality, Costs
Residency
Research
Medical education
Med School
CMS
CDC
HHS
FDA
Public Health
Wellness

HIT TOPICS
Apple
Analytics
athenahealth
Electronic medical records
EPIC
Design
Accountable care organizations
Meaningful use
Interoperability
Online Communities
Open Source
Privacy
Usability
Samsung
Social media
Tips and Tricks
Wearables
Workflow
Exchanges

EVENTS

TedMed
HIMSS South x South West
Health 2.0
WHCC
AHIP
AHIMA
Log in - Powered by WordPress.