Law Feature - May 2009
Tex Med . 2009;105(5):29-32.
By Crystal Conde
Associate Editor
Upon cross-examination, opposing counsel shocked the courtroom by pointedly asking the defendant in the case, Robert P. Lindeman, MD, if he was "Flea." Under oath, the pediatrician admitted to his pseudonym and settled the case for a substantial sum the following day.
Bryan Vartabedian, MD, a pediatrician in The Woodlands, maintains a blog on parenting and child health. He says what happened to Flea serves as a cautionary tale for all physicians. (For those who don't know, a blog or Web log is an online journal where individuals post regularly updated commentaries and entries about their interests or personal experiences.)
"Flea was edgy, and his disparaging comments cost him his medical liability trial," Dr. Vartabedian said.
E-mail, blogs, Twitter, and social networking Web sites like Facebook are pervasive and offer physicians an opportunity for more rapid communication with patients. But physicians have a reason to be cautious when opening up online or communicating back and forth electronically with a patient. State and federal laws govern the privacy and confidentiality of patients' protected health information (PHI).
State and federal laws and regulations must be followed in physician communications with patients. (See "Laws, Regulations Cover Physician-Patient Communications.")
To ensure doctors fall in line with state and federal laws, Lewis Foxhall, MD, a Houston family physician and former chair of TMA's technology task force, stresses that physicians remain vigilant in safeguarding their patients' PHI.
"The rules are no different even though the vehicles used to transmit information have changed. It doesn't matter if it's a blog or an e-mail or what format the communication is in; it still needs to be considered confidential and handled in a secure way," he said.
The Myth of Anonymity
In a world of constantly evolving technology, physicians can find themselves encountering pitfalls when communicating electronically. One of the lessons physicians can learn from Flea's misstep is that online anonymity doesn't exist.
"A physician has to realize that when posting something online it's possible someone could find out it's you," said Jeffery P. Drummond, JD, a Dallas health lawyer.
Dr. Vartabedian identifies himself on his blog, Parenting Solved, because, he says, revealing who he is keeps him in check. "When I blog, I know my boss and patients will read it. I'm sure to maintain a civil tone. Even if it's my opinion, I say it in a way that's not harmful to someone," he said.
He also makes patient confidentiality a priority. "I make it a rule not to write about specific circumstances or cases that could be linked to a patient. I'll discuss general health topics but make sure no one person is identified," he said.
Allen Roberts, MD, an emergency medicine physician in Fort Worth, has a blog called GruntDoc, which he says allows him to satisfy his desire to be a computer geek while venting about working in the emergency room.
Dr. Roberts says he uses the pseudonym GruntDoc because it helped him ease into a blogging persona when he began his postings in 2002. But he knows he's not unidentifiable online. He seldom writes about patients or cases he's seen.
"Physicians who blog can step over the line if they release individual patient information. I rarely blog about interactions I've had with patients, but when I do, I change as many characteristics and details as I can to make it unrecognizable," he said.
Mr. Drummond advises physicians who blog, known as "medbloggers," to be careful when writing about patient interactions.
"The problem is a doctor could inadvertently disclose PHI. For example, if someone can tell from a blog that you're a certain specialist in a particular town, and you write about a specific case with identifying characteristics, someone could connect enough dots and identify the patient," he said.
He suggests medbloggers fictionalize a patient encounter when describing it online to avoid violating state and federal laws designed to safeguard a patient's privacy.
Confidentiality is a concern when physicians and patients correspond via e-mail, as well. Among its guidelines, TMA advises physicians to use a system that encrypts all personally identifiable health information and to inform patients about privacy issues.
Dr. Foxhall adds that electronic communication with patients doesn't replace the personal interaction a physician needs to diagnose and treat a patient.
For that reason, Mr. Drummond says it's a good idea for medbloggers to post disclaimers on their sites. The wording should let readers know the content of the blog isn't medical advice and should recommend they consult their physicians if they require medical diagnosis or treatment.
HIPAA Silences Physicians
When writing about personal reflections and experiences, Dr. Vartabedian says, physicians reveal a part of themselves they would not normally expose in the exam room. That can work against a doctor if patients see him or her as cynical or sarcastic.
"A doctor's comments on a blog could interfere with the physician-patient relationship if people disagree with the physician's opinions and grow to distrust that doctor," he said. "On the other hand, a blog can work in a physician's favor. If the physician blogger posts positive content with helpful information, patients may feel even closer to that doctor."
Likewise, some patients maintain blogs. They may use them as venues for criticizing a physician and, in the process, reveal their own PHI.
In a 2008 Health Law Perspectives article, attorney Nathan Andersen, JD, LLM, uses a hypothetical scenario in which a patient posts a disparaging comment on a blog, complaining that her physician was insensitive to the fact that she'd had a miscarriage. ( Health Law Perspectives is a publication of the University of Houston's Health Law and Policy Institute.)
Mr. Drummond says the Health Insurance Portability and Accountability Act (HIPAA) constrains a physician's ability to respond to such negative online comments.
"That type of situation puts physicians in a tough spot because they can't defend themselves. They're subject to maintaining patient confidentiality, even though the patient self-disclosed medical information," Mr. Drummond said.
In his article, "Patient Blogs, PHI and HIPAA - Social Networking and Patient Self-Disclosures as Waiver of PHI [PDF]," Mr. Andersen outlines possible physician responses, including contacting the patient and blog administrator to request the post be removed. He warns doing so could antagonize the parties involved, magnify the problems, and open the door to retaliation. If neither of those avenues works, the physician might be able to sue the patient for defamation.
Mr. Andersen acknowledges that self-disclosure of PHI on the Internet is largely uncharted legal territory. But, physicians can act preemptively.
To stifle patients from posting ratings on Web sites like Zagat's and Angie's List, some physicians require patients to sign forms barring them from commenting on the Internet about the doctor's professional capability or treatment.
While requiring such patient waivers is legal, Mr. Drummond says doing so might raise a red flag in patients' minds.
"If I'm a patient and see I'm asked to sign one of these forms, it makes me think the doctor might get a lot of complaints. If you have patients sign these agreements, [a doctor] may have inadvertently forced them to file a complaint with the TMB [Texas Medical Board] instead of just griping on a blog," he said.
Crystal Conde can be reached by telephone at (800) 880-1300, ext. 1385, or (512) 370-1385; by fax at (512) 370-1629; or by email at Crystal Conde.
Laws, Regulations Cover Physician-Patient Communications
Physicians need to be aware of state and federal laws and regulations on physician-patient communications.
The Texas Occupations Code contains confidentiality provisions for communications between physicians and patients. It prohibits physicians from disclosing communications with patients unless the patients authorize it. To view the Texas Occupations Code physician-patient communication stipulations, click here.
The federal Health Insurance Portability and Accountability Act (HIPAA) privacy rule defines and limits circumstances in which a patient's information may be used or disclosed. The law requires physicians to disclose protected health information when a patient requests it or when the U.S. Department of Health and Human Services (HHS) secretary requests access to information to determine a physician's compliance with the HIPAA privacy rule.
The Texas Medical Board (TMB) has rules governing the retention and handling of patient medical records, including electronic records.
The Texas Medical Association has weighed in on the issue of patient-physician electronic communications and has guidelines developed by the Task Force on Patient Medical Information and Privacy and Physician Use of Information Technology in 2001.
TMA's security guidelines say physicians should use a system that:
Electronic communication guidelines developed by TMA urge physicians to:
TMA's principles are similar to those of the American Medical Association. To view the AMA's guidelines, click here .