Thomas E. Robey, MD, PhD


April 21, 2011

Are You Friends With Your Patients?

Just the other day, I discovered that a patient's parent shoots hoops at the same outdoor court I use. The boundaries of patient-physician confidentiality will prevent me from ever initiating any conversation about his family's health when we cross paths at the next pick-up game, but our shared interest added to an already existing therapeutic alliance, laying the foundation for friendship.

These days, however, there is another meaning for "friend." Whether patients read your blog or are connected by Facebook, nowadays friends are often the people with whom we are linked by technology, and in these forums the lines of confidentiality often become blurred. The medical community is not isolated from the common media and technology developments. Health information is gradually becoming more portable and accessible to patients as they move between providers and institutions. YouTube, Facebook, and Twitter are central to how tech-savvy physicians and students communicate. Facebook and the like provide tools that many find useful in their daily lives, functioning as convenient address books, a way to keep in touch across decades or continents, or an online photo album. A common refrain is that online communities bring people closer together, yet critics suggest that the time invested in online activity draws us away from human interactions and ironically makes life more impersonal.

It's within this perspective that I'll rephrase my original question:

Do Your Patients Know That You Are Friends?

Patients and doctors do not often consider how far information can travel across a network of people. For example, it is increasingly easy to take photographs in medical settings. After all, whose phone does not have a camera? Faculty and residents keep photographs on hand to use as teaching cases or, in some instances, to plan surgeries. Just the other day, a plastic surgeon snapped a photo of a gruesome hand injury to immediately send by email to his attending. This assisted with plans for the pending operation. It is possible that this photo could end up in a teaching presentation or case report, so it was wise that the resident secured written permission from the patient to snap the picture.

Before smartphones, photographs in the hospital would be snapped using a bulky camera; it would be hard not to ask for permission from a patient to take the picture. The boundaries of confidentiality would lead physicians to put black boxes over the eyes or crop out the head to prevent future identification. Today, it is easy to snap a picture without a patient's knowledge. Indeed, a recent Ethicist column in The New York Times described a situation in which a deidentified (no head shown) photo of a unique injury was posted on Facebook as the punchline for a joke that most would consider gallows humor.[1] Randy Cohen, the then-Ethicist, concluded that this humor should remain only among circles of physicians.

As all of us become increasingly dependent on digital communication, we must respect that what was once said in confidence is easily broadcast to the world. When it comes to sharing pictures and stories online, there are a few guidelines that can help us make the right decision. First of all, there is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This codifies confidentiality into law, limiting the sharing of "individually identifiable health information" without patient permission. According to the law:

"Individually identifiable health information" is information, including demographic data, that relates to:

  • the individual's past, present, or future physical or mental health or condition;

  • the provision of healthcare to the individual; or

  • the past, present, or future payment for the provision of healthcare to the individual, and that identifies the individual, or for which there is a reasonable basis to believe it can be used to identify the individual.[2]

In other words, if those in your network can figure out who your patient is, then you may be in violation of HIPAA law. Furthermore, authorization must be made by the patient to use the information in any way outside what is medically necessary for the patient's care. The law states:

All authorizations must be in plain language, and contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, and other data. [2]

This seems pretty straightforward, but you would be hard-pressed to define a situation when posting a picture of a unique injury on a social networking site would meet these requirements, unless the authorization specifically accounted for "posting on Facebook."

But what about other online uses? The Healthcare Blogger Code of Ethics provides one set of guidelines.[3] Health bloggers often adopt the mantle of teacher or advocate; the code offers a consensus perspective that centers on respect for the patient-provider relationship. Although the code focuses on blogging, it could be reasonably extended to microblogs or photoblogs, under which Twitter and Facebook could be legitimately categorized. There is no penalty for violating the code of ethics. The penalty for violating HIPAA, however, is not trivial: up to $250,000 and possible 10 years of imprisonment for the worst violations. This is not a risk that I wish to take.

The next time you consider posting a picture of a patient (or even one of you with a patient in the background), consider whether that person would mind seeing his injury on your photo page. Better yet, ask him if he would mind. Chances are that you will have formed a strong therapeutic alliance by the time you ask him to sign permission for the photo. And by then, maybe you will have already found a new friend.