Surprising Legal Dangers of 'Safe' Social Media

Michael J. Sacopulos, JD


September 24, 2014

Social Media Pitfalls

Social media has become an ever-present facet of daily life. But actions that you consider innocent could end up causing you legal trouble. Following a few simple rules can help medical practices avoid real liability in the cyber world. Here are four situations to watch out for, and recommendations for staying safe.

1. HIPAA Rules Apply to Everyone

Earlier this summer, the University of Cincinnati Medical Center was named as a defendant after several of its employees allegedly misbehaved. According to lawsuits, a female patient's ex-boyfriend convinced two UC Medical Center employees to post a screenshot of the patient's medical records on Facebook.

It gets worse. The posting revealed that she was positive for syphilis. With discretion having already been abandoned, the employees chose the Facebook page "Team No Hoes" for the posting. As if that weren't bad enough, some of the group's 2300 members joined in. Commenters on Facebook called the patient a "slut" and a "hoe" and broadcasted her STD diagnosis.

This is just one example of an increasing area of liability exposure for healthcare providers. With the tremendous benefits of social media come risks, and some of these risks are not readily apparent.

Similarly, physicians who own a practice can be sued for the social media activities of their employees if those employees violate privacy laws.

Advice: Train all of your staff on privacy issues. HIPAA instruction often does not make it past physicians and practice managers. A little training and awareness will go a long way.

2. Potential Legal Issues With Online Physician Reviews

There are dozens of websites that offer reviews and ratings of physicians and medical facilities. Some, such as, are specific to healthcare, while others, such as Angie's List, mix physicians in with plumbers and auto mechanics. And sites like these are gaining in popularity with prospective patients. In fact, the Pew Research Internet Project[1] reports that 30% of Internet users have consulted online reviews or rankings of healthcare services or treatment. In turn, the public interest in online reviews and ratings has attracted the attention of the medical community.

Inaccurate, hurtful, and even malicious patient reviews and ratings are easy to find on the Internet. Understandably, many physicians want to "set the record straight" by posting a response to an objectionable review or rating. Sometimes you might even recognize the specific patient and be tempted to respond specifically about the circumstance. But a response might trigger liability.

"Physicians need to be careful not to violate HIPAA when responding to a patient's review," cautions Jeff Segal, MD, JD. Segal runs eMerit, a North Carolina-based practice-and-business management firm for physicians. A patient's protected health information, like their name or photograph, linked to a review means "your hands are tied and you can only speak broadly," says Segal.

Advice: Do not engage in social media discussions with patients. Do not attempt to specifically address patients' complaints about you online in any sort of review site. No matter how much you want to air the real facts, regret will replace that desire in time.

Even if the patient review is entirely anonymous, Segal warns physicians about getting into a debate online. HIPAA and patient privacy concerns make for a perfect legal minefield for health providers to navigate when attempting to respond to a patient review.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.