The medicolegal considerations of interacting with your patients online

CASE: Patient discloses personal information in electronic communication. How to respond and what’s at stake?
Your nurse comes to you with a dilemma. Last Friday she received an email from a patient, sent to the nurse’s personal email account (G-mail) that conveyed information regarding the patient’s recent treatment for a herpetic vulvar lesion. The text details presumed exposure, date and time, number of sexual partners, concernfor “spread of disease,” and the patient’s desire to have a comprehensive sexually transmitted infection screening as soon as possible.

Your nurse has years of professional experience, but she is perhaps not the most savvy with regard to current information technology and social media. Nonetheless, she knows it is best not to immediately respond to the patient’s email without checking with you. She tracks you down on Monday morning to review the email and the dilemma she feels she has been placed in. What’s the best next step?

While discussing the general question with the staff, another nurse notes that there have been some reviews of the office on social media. It seems that this second nurse tweets and texts with patients all the time. The office manager strongly suggests that the office “join the 21st Century” by setting up a Facebook page and using their webpage to attract new patients and communicate with current patients.

How do you prepare for this? Is your staff knowledgeable about the dos and don’ts of social media?

The use of social media by health care providers has been growing for several years. Back in 2011 a large survey by QuantiaMD revealed that 87% of physicians used social media for personal reasons, and 67% of them used it professionally.¹ How they used it for professional purposes also was explored in 2011, with almost 3 of 4 physicians using it for social networking and more than half engaging with their own institution’s social media (FIGURE).² In 2013, 53% of physicians indicated that their practice had a Facebook platform, 28% had a presence on LinkedIn, and 21% were on Twitter.³ Not surprisingly, social media use is higher among younger physicians⁴; the 2016 equivalents to these percentages most likely are higher.

Health providers’ use of social media for professional reasons2

In 2011, a survey found that most health providers used social networking, their institutions’ own social media, and Internet forums, boards, and communities for professional reasons.

Patients’ outreach through social media regarding health care information continues to grow, with 33.8% asking for health advice using social media.⁵ While email and other social media open the possibility of improved communication with patients, they also present a number of important professional and legal issues that deserve special consideration.⁶ Each medium presents its own challenges, but there are 4 categories of concern related to basic values and rights that we consider important to review:

Confidentiality
Few values of the medical profession are of longer standing than the commitment to maintain patient privacy. Fifth Century BC obligations continue to apply to the technology of the 21st Century AD. And the challenges are significant.

Email is not secure
In the opening case, the choice to email her clinician was apparently the patient’s. She probably does not realize that email is not very confidential, although it is undoubtedly in the Terms of Service Agreement she clicked through. Her email was likely scanned by her email service provider—Google, in this case—as well as the nurse. If, however, the physician’s office responds by email, it may well compound the confidentiality problem by further distributing the information through yet another email provider.

If, as a physician, you encourage email communication by your patients, a smart approach is to emphasize that such communications are not very confidential. At a minimum, until a secure email system can be established, it is best not to transmit medical information via email and to inform patients of the risk of such communication. In the case above, the nurse who received the email should respond to the patient by telephone (much more secure). Or she can respond to the patient by email (not including the patient’s message in the return), writing that, because email communications are inherently not confidential, she suggests a phone call or personal visit.

This case also notes that the patient sent the email to the nurse’s personal account, not to an office email account. Sending medical emails to an employee’s personal account raises additional problems of confidentiality and appropriate controls. It should be made clear that employees should not be discussing private medical matters via their own email accounts.