- mHealth security experts are warning doctors to think carefully before engaging in a social media conversation with a patient.
Of particular concern is the rise in consumer-facing rating sites like Yelp and Angie’s List. For example, a doctor who learns of a bad review posted on such a site, and who goes onto that site to refute the review or clarify a complaint, could instantly be guilty of a HIPAA violation.
“Just acknowledging that it’s your patient is wrong,” says Lysa Myers, a security researcher for ESET, a San Diego-based Internet security firm.
The ubiquity of mobile devices has made it quite easy for anyone to post comments – right or wrong – for all to see. From online rating sites to social media channels like Facebook, SnapChat and Twitter, a patient can come out of a doctor’s office or hospital and immediately rant and rave about or rail against the provider.
While retail stores and restaurants might be able to counter the criticism by direct response, healthcare doesn’t have that freedom. Most doctor-patient relationships are confidential, and the release of any information from these encounters is strongly regulated.
Writing in Medscape, Jeffrey Segal, MD, JD, notes that HIPAA – the Health Insurance Portability and Accountability Act – expressly forbids doctors from disclosing protected health information without first gaining the patient’s approval or unless authorized by law. Some doctors may assume that the gloves are off once a patient talks about his or her experiences online, he added.
“The doctor does not have the patient's permission to disclose protected health information - regardless of whether the patient did so first on her own,” he wrote.
“The online world is here to stay,” he added. “Patients are increasingly making healthcare decisions based on what they read on the Internet. Some online challenges are unique to healthcare. Doctors should respond to online criticism - privately to the patient, if the patient's identity is known, and publicly, if it can be done in a HIPAA-compliant way.”
According to Myers, the Office of Civil Rights hasn’t yet stepped into the arena, so there are no ongoing HIPAA-related cases to analyze. But some doctors are turning to the courts to challenge what they think are libelous or slanderous comments.
“Right now there are a lot of lawsuits in progress,” she says. “It’s going to take a while to figure them out … and I think the information out there is not sufficient” for doctors to understand how HIPAA and social media collide.
For now, Myers and others suggest these steps:
- Think before reacting. Again, a doctor simply admitting that he or she treated the online reviewer may be a HIPAA violation. Take a look at what was said and try to understand the context. Larger healthcare providers may even have a social media person or department to review these comments. For solo and small-practice doctors, it may be best to consult with an attorney before responding to a scathing review.
- Make it a learning moment. Try to understand why the reviewer was angry. Was it simply a matter of a doctor and patient not seeing eye-to-eye on a treatment, or was the doctor lacking in his/her so-called bedside manner? Learn from the experience. In some cases (though not many), an apology delivered in person or by phone may be appropriate, though a doctor has to be very careful about exposing himself-herself to legal liabilities.
- Make it a teaching moment. If a doctor simply has to respond, make sure the response is general. Explain what a typical office visit or procedure would entail, perhaps outlining what a typical doctor can and can’t do and what the patient’s expectations should be. Above all else, a doctor shouldn’t try to justify his/her actions or refute the consumer’s comments.
- Encourage – but don’t compensate or reward for – reviews. Doctors should tell their patients that they’re free to post reviews online about the experience (some larger providers may even have laptops or tablets in the waiting room for that purpose). This tends to dilute the few harsh comments and create a more rounded perception.
Above all else, Myers says, healthcare providers have to think about their patients’ privacy when using social media. It’s true that the platform offers great opportunities to market a practice and improve one’s visibility, but the quick back-and-forth enabled by mobile devices can get a doctor in a lot of trouble in a short amount of time.