Doctors and the potential pitfalls of an online presence

Everyone who uses the internet leaves some sort of footprint, even if it's just a string of visited addresses. This presence is magnified if you've ever been in the news, been listed on a website (e.g., as faculty), or if you write a blog. Social networking sites such as facebook and Twitter add a whole new dimension of online presence. Everyone should be concerned about what their online presence says about them (if your public Amazon wish list is full of sex toys, for example...) but physicians should have special concerns which fall into some broad categories. First, we'll briefly discuss types of online presence.

Your online life

Who hasn't vanity googled? Googling yourself can be interesting and instructive. If you have publications, are listed on a website as a contributor to a charity, or anything else searchable, someone can find this out. It's probably better to find out for yourself before you hear about it. As mentioned above, public profiles and wish lists at places like facebook, Amazon, and eBay are often included in search results, as are basic components of facebook profiles. Your online presence is dramatically larger if you are involved in web-related activities such as blogging. Even if you blog anonymously, it's likely that eventually, a search will link your real name to your blog and everything you've written there even if you've deleted it. Different types of online presence present different challenges.

  • facebook: parts of your profile are visible publicly, and depending on your privacy settings, a great deal of information about you is visible to "friends" and many other members. Critically, this includes your status updates. If you write, "I LOVE CHEEZE!!!" people may think you quirky, but there's little harm. If you write, "I LOVE BONG HITZ!!11!!!" this is information that is going to be available to many others, and there is a good chance that it may become available to colleagues and patients. This would generally be a bad thing.
  • Twitter: twitter is like having only the status updates from facebook, but relationships with other tweeters tends to be looser, and many people have hundreds of followers whom they do not know.
  • MySpace: if you are on MySpace it's probably past your bedtime (or you're on a special "list").
  • Blogs: blogs contain an enormous amount of information about how you think and what you believe, and this information is, for all intents and purposes, permanent.

Legal issues

(NB: I am not a lawyer! This is simply an introduction to these ideas and should not be construed as legal advice. Really!)

Most non-physicians who maintain an online presence have no legal fears (other than behaviors such as libel), but doctors most certainly do. The Health Insurance Portability and Accountability Act (HIPAA) is the law that governs the privacy of your medical information. It is very, very detailed, and requires quite a bit from your doctor. You've signed a form at the office of every provider you've visited that notifies you of your privacy rights. I cannot discuss your care in a hospital elevator. I can't send you an email regarding your health without making it very clear that any information in the email cannot be considered secure. I cannot disclose your health information to anyone else except under very specific and limited circumstances. HIPAA has radically changed the way we do things with health information. Information covered by HIPAA is known as Protected Health Information (PHI), and knowing what is and is not PHI is sometimes unclear, but some things are rather obvious.

If you facebook, tweet, or blog about a patient without their specific permission, you could be in big trouble. HIPAA covers any individually identifiable health information, so if I were to publish that the incidence of chlamydia is x%, no one is harmed. If I were to write that four of my personal patients had chlamydia last month, that's getting a little close to the line, and if I were to talk about a young man who works as a clerk who had chlamydia last month, I've probably crossed the line. That's why I don't write more clinical anecdotes, and when I do, they are amalgams of patients seen over the years rather than a single individual's story.

Ethical considerations


All that may come to my knowledge in the exercise of my profession or in daily commerce with men, which ought not to be spread abroad, I will keep secret and will never reveal.

Hippocrates of Kos (probably) wrote this about 2400 year ago, and despite vast differences in cultures, confidentiality is a widely accepted medical ethical principle. There are many good reasons for this, but the essential point is that revealing anything about patients in online venues is not just unwise and potentially illegal, but also unethical. It damages the doctor-patient relationship, the emotional integrity of the patient, and the reputation of the doctor.

Professional considerations

Doctors have a professional identity which they must guard closely. Just as it's unwise for a doctor to been seen grossly intoxicated in a public place, unprofessional comments online can destroy your reputation. Strangely, quacks never seem to mind promulgating bizarre hypotheses publicly, but their reputation is based on deception of individual patients rather than the opinion of the community. Your reputation as a physician is much more sensitive, and you must guard it jealously. A facebook picture of you prancing around a nude beach can do damage well beyond the "ick" factor.

But what if no one knows who I am?

The saying goes that online, no one knows you're a dog. But anonymity is a very thin veil. If you use your anonymity to protect you, your patients, your hospital, or your practice, all you have done is delay a big problem. Your cover can be blown at any time. Now anonymity and psuedonymity can provide something. They may (maybe) put your name one or two clicks further into a google search, and it creates an online persona that can be managed separately from your real identity. But never forget that these identities will likely merge at some point, either through carelessness, spite, or chance.

In medicine, your reputation is everything. Bad doctors with good reputations do very well, and good doctors with bad reputations starve. How you conduct yourself online is part of building this reputation. Being online can be very rewarding both personally and professionally, it just requires caution and forethought. Every doctor should think very, very hard before they push that "enter" key.

Categories

More like this

The saying goes that online, no one knows you're a dog.

Arf! Actually, if you, at least, don't know exactly who I am it's because you've decided not to waste the neurons on figuring it out. And I doubt that even someone without the extra clues you as the blog moderator have would have a very hard time.

That having been said, I'm more worried about being indiscreet with patient information than about someone thinking that I'm a weirdo. I do wish that it were possible to discuss cases more online--case presentations are always fun and instructive--but confidentiality simply has to be protected so, not really possible. But then where is the line? Suppose you saw 3 cases of Creutzfeld-Jakob disease in one week. This is a disease with an incidence of about 1 in 1 million so one person seeing three in a week is alarming and possibly a public health issue, maybe even something you want to warn the public about through your blog (among other methods, including, of course, reporting it to the CDC). But because it's so rare, it is almost certain that the patients-or rather the patients' families-would know that you were writing about them.

As far as what to say on facebook or twitter or in comments, I think it is possible to get too worried about sounding undignified or controversial and end up censoring oneself. Where the line is is an issue. For example, if I publically state that I support universal health care (which I do), that might have negative consequences. Suppose a conservative patient saw the statement and became less trustful of me because of that statement. That could be a real problem for the therapeutic relationship. Or suppose my boss saw the statement and decided I was a dangerous radical. My contract might not be renewed. Nonetheless, I'm not willing to pretend that I don't have opinions on this issue. Or that I don't have a fondness for cheese, for that matter. If being a doctor means that I can't express an opinion in public, I have to rethink my career.

Of course, it is possible to create a virtual grand rounds or morning report. This can be done either by using amalgam cases, or by creating a closed forum for health care providers only, which would be sad. Also, the forum would probably have to have HIPPA compliant security features.

HIPPA does not in any way prevent HCPs from discussing cases, thankfully.

...by creating a closed forum for health care providers only, which would be sad.

Yes, that would be sad. I'm not a doctor, so I don't know all of the great things you and other blog-doctors do, and I would really miss the great discussions. I learn something just about everytime I visit, and moving all of that to a closed forum would make my world, at least, a poorer place.

ObHipaaJoke:

Knock, knock.
Who's there?
HIPAA.
HIPAA who?
I can't tell you that.

My mom loves that one!

By LanceR, JSG (not verified) on 25 Jun 2009 #permalink

I have a rare last name, but there is actually another person with my same first and last name who I found out about through Google. Apparently she's an elementary school teacher or something.

Can you travel back in time and give this to Dr. Flea?

Anyway, anyone who actually figures out and googles my real name is in for a shock. You won't get me anywhere near the front, as I share a name with a spectacularly prolific porn director. I don't think I've even managed to find me, and I know what I'm looking for. Of course, it's sometimes hard to make it past those first few pages...

HIPPA does not in any way prevent HCPs from discussing cases, thankfully.

But HIPAA does make it quite hard to have any discussion of cases in an open forum, such as on the web. This is necessary for patient privacy, but unfortunate in that I think it would be quite useful and entertaining for people in the general public to get a chance to see how HCP consider cases and what goes into the decisions. If people knew what went into making health care decisions and how standard of care is devised, they might be less inclined to fall for woo. (Then again, they might be scared out of their minds...)

Thanks for this thoughtful post.

@Ranson and Dianne, I rarely spend time trying to identify individuals as I prefer to address what someone writes.

One more reason why, alphabetical order notwithstanding, being a physicist is very different from being a physician!

If you use your anonymity to protect you, your patients, your hospital, or your practice, all you have done is delay a big problem. Your cover can be blown at any time. Now anonymity and psuedonymity can provide something. They may (maybe) put your name one or two clicks further into a google search, and it creates an online persona that can be managed separately from your real identity. But never forget that these identities will likely merge at some point, either through carelessness, spite, or chance.

For a couple years, I was an active Wikipedia contributor. My user account there was a pseudonym, and I never explicitly identified myself, although it would have been pretty easy to figure out, say, where I'd been to university. I didn't choose pseudonymity for any grand reason, but once I realized I'd been in the system for a while and built up something of a persona through my edits and my interactions with other users, I figured I'd have some fun. I started manufacturing subtle hints about the places I'd lived, the gender I happened to be and so forth, all of them completely fabricated and misleading.

Eventually, I gave up Wikipedia in favour of blogging, mostly because I was tired of their "no original research" policy. Since Wikipedia is supposed to be an encyclopaedia, you're not supposed to write anything which wasn't already said by somebody else in another venue. Even a new synthesis of pre-written statements is considered a bad thing. Now, this is wholly appropriate for an encyclopaedia project, but I could tell I'd be happier writing primary and secondary rather than tertiary material. (Plus, on your own blog, you can ban a crank or a troll when they get boring, whereas on Wikipedia, you had to make a case that their behaviour was beyond the pale and take your case to someone with bannination authority. . . .)

I'd been commenting on other science blogs under my real name, and I didn't bother with a pseudonym (even a transparent one) when I got my own blog up and running. As it happens, though, "Blake" is an epicene name, and I can recall at least one case where, oddly enough, a blogger wrote a reply to a post of mine and never used "he" or "she" through the whole length of it, preferring to stick always with my name. It sounded forced enough that I wondered if the blogger in question couldn't tell if I was XX or XY!

Of course, I always thought "Blake Stacey" was a pseudonym...

Involving a large 70's mustache, bell bottom pants and a certain kind of music ...

Saying that you've seen 4 patients with chlamydia, by my legal sources, doesn't represent anything close to a HIPAA violation. I frequently comment on medical trends among children.

Yes, saying that I've seen four patients with chlamydia (many times that actually) is no violation. To say that I have seen four of my own patients in the last month with it is very close to offering identifiable info, since my name is known, the time period is known, etc.