Social media is now a core part of many people’s lives: doctors included. It helps us organise and fraternise, meet up and catch up---but when medicine and social media mix, it can sometimes end in disaster for those who share their medical work online and breach patient confidentiality.
To help you figure out where the line is, and how to navigate patient confidentiality in the social sphere, we’ve put together this short guide.
Time to get social.
Sharing details on social media
Social media can be considered as a public forum. You post something on Facebook, you tweet something on Twitter, you update your profile on LinkedIn: you have to assume that anyone and everyone will be able to see what you are doing.
There are settings you can adjust to reduce the sphere of people who can see it, but the reality is that privacy cannot be assumed no matter what kind of settings you have switched on. If it goes on social media, you should be comfortable with sharing it with the world.
Even after the images have been doctored and names have been removed, people can still identify themselves, their friends or their loved ones as subjects of a medical social media post simply by timing, geography or treatment/injury detail. You may have seen a colleague or a doctor from another practice or hospital share something on Facebook with a little bit more detail than they should have included. There are numerous examples of this in the news, with doctors being admonished for their failure to adhere to patient confidentiality.
Public posts are one thing, but surely the “private messenger” apps out there are different? Not really. Private chats are something of a misnomer, as they aren’t necessarily all that private. Whether you are discussing medical detail with colleagues or with patients themselves, there is always the chance that you could have your account hacked and details exposed, or even something as simple as leaving yourself logged on a device and somebody stumbling upon it.
The bottom line is that social media should be considered a public space for all intents and purposes for doctors.
Taking and sharing images
Photographs can be exceptionally useful for diagnosis, treatment or review of a patient’s condition, but they can also be traps for doctors who don’t take care with consent. If you are intending to take a photograph of a patient, they must be able to give informed consent to the process, and you should take care to tell them exactly where this image will be used. This includes social media; some doctors ask for advice about their patients using social media channels, and may include a photo. Alternatively, you may wish to share this image as an educational tool on a Facebook group, for example.
However you use it, your patient must have the ability to both know and understand how the image will be used. This is particularly important for patients with mental disabilities, or those who may not engage with social media themselves and thus not have total understanding of what it means to have a photo “posted” online.
Even if the image doesn’t include the patient themselves, you can still breach patient confidentiality with a photo. For example, there was a case when a group of young nurses took a photo with the placenta of a woman they had helped through childbirth. This was then shared on social media. Despite there being no identifying information about the patient, nor did their image appear anywhere, it was still considered a breach of confidentiality (not to mention inappropriate) and the nurses were severely admonished.
This is why de-identification measures, such as blurring out faces and nametags, as well as ensuring you do not include any photographic evidence of where the patient was being treated, is so important. A lot of information can be gleaned from an otherwise minor detail in a photo.
When taking photos and intending to share them on social media, you must:
- Get explicit consent from the patient, and ensure they understand what is meant by “sharing”, “social media”, and so on.
- Let the patient know:
- You are taking a photo,
- What the photo will be used for (educational, clinical, etc),
- Where the photo will appear (in their notes, on social media, etc), and,
- How the image will be doctored to remove identifying information.
- Remove all identifying information, including identifiable marks, tattoos, faces, nametags, location and so on.
- Ensure that the image will only be used for clinical or educational purposes. Memes of patients are hardly appropriate.
- State explicitly in the post that you have patient permission to share this, and that this is confidential information and should be treated as such by other doctors.
Deleted information may not be truly deleted
Have you heard of the Right to be Forgotten? In the context of the internet, it boils down to the ability to make a mistake, and then eventually have that mistake be forgotten to the public at large and be able to “determine the development of their life in an autonomous way”.
In other words, it’s representative of how most human societies function: information is eventually forgotten.
Not so on the internet, which can act as an archive of the Greatest Hits of all of humanity’s biggest mistakes. That awkward haircut you had when you were 13? That’s on social media now, so there’s little chance it will ever truly be forgotten.
The same can be said of any patient information you put online. Anyone with access to your profile can simply scroll through your timeline or feed and eventually find that. That can cause serious trouble if the patient decides to rescind permission to share details later down the line.
But let’s say that does happen, and you delete the offending information. Job done, right? Not quite. By using internet tools like The Wayback Machine or even basic Google caching, it is sometimes possible to find old, deleted information---including patient details.
Anything you put online, even after being deleted, may be discovered again. This is why avoiding the common mistakes of social media and patient confidentiality is so important. If you make a mistake, it can be very, very difficult to fix it completely.
When sharing anything on social media, always remember that it may be more difficult to fix any mistakes than first thought.
Summary
Sharing patient information on social media can be a minefield. In most cases, our advice is not to do it, but if you absolutely must, ensure you get extremely explicit and informed consent from the patient, and ensure you delete any and all identifying information. Even then, if you have to delete the post, you may discover it can still be found by savvy internet users.
Always be cautious when mixing social media and medicine!
For more information on surviving your first year as a resident doctor, check out our free ebook below!
