Privacy gaffe: Did the punishment fit the crime?

The health blogosphere has been in a tizzy this week over the story of a doctor from Rhode Island who was reprimanded by the state medical board for posting a patient anecdote on Facebook that inadvertently revealed enough information for a third party to identify the patient.

Here are the details, courtesy of the Providence Journal:

The board found Alexandra Thran, of Westerly Hospital, guilty of unprofessional conduct after she recounted some of her emergency-room experiences on Facebook, according to a news release by the state Department of Health. The board said she did not use the names of patients, and did not intend to disclose confidential information, but the nature of the injuries of one patient allowed an unauthorized third party to figure out who it was, the board ruled.

The panel said that Thran deleted her account as soon as she learned what had happened. The board issued a reprimand and told Thran to pay a $500 administrative fee.

Apparently Thran, 48, also has lost her privileges to practice at Westerly Hospital.

Was this a fair punishment or was it overkill?

The information contained in the news accounts is rather limited, so it’s difficult to do anything other than speculate. How did this incident come to the attention of the authorities? Who was the “unauthorized third party” and what was his/her relationship to the case? Did the hospital have a policy on the use of social media? Had there ever been any training for the medical staff on appropriate use of the social media?

The interface between medicine and Facebook, Twitter, blogging and the rest of the social media is ill-defined and fraught with uneasiness. Protecting patient privacy should be paramount, but it’s not always clear how far health organizations should go in ensuring that the boundaries aren’t overstepped.

It’s a fact that privacy breaches do occur – some of them far more blatant than an unintentionally revealing post on Facebook. Consider, for example, reported cases of unauthorized snooping into the medical records of Farrah Fawcett and Britney Spears by hospital workers who had nothing to do with either woman’s medical care.

Then there’s this whopper of a lapse in judgment: A surgeon in training at the Mayo Clinic in Phoenix, Ariz., brought a cell phone into the OR and took a picture of a patient’s penis tattooed with the words “hot rod.” The surgeon claimed he later erased the photo – after first showing it to others on the surgical team.

Many clinicians blog about their work and about patient encounters. Some are anonymous; some are not. Most are respectful but some are not. Is it OK as long as no one recognizes the patient? Does it make a difference if the details are blurred so the story is a composite rather than the literal truth? Are unintentional breaches – which appears to be what happened in the Rhode Island case – more forgivable than other kinds of lapses?

The temptation might be for hospitals and clinics to ban the social media altogether. No Facebook, ergo no privacy disasters. I’d argue, however, that this is not the route to go.

For an industry in which privacy is so important, health care has been rather slow to address the issues inherent in social media use. I’ve been unable to find any figures on how many hospitals or clinics have formal policies on employee use of the social media, but I’d bet that many do not. I suspect many organizations haven’t even talked to their employees about what’s appropriate and what isn’t. Reacting on a case-by-case basis rather than creating clear expectations ahead of time doesn’t seem to be the best way of preventing the inevitable breach (and make no mistake, every organization at one time or another will face a privacy breach).

The industry needs to get with the program, Mike Morrison, a media relations officer at a Boston teaching hospital, argues on the Hospital Impact blog. “Having a clear understanding of social media at your hospital is important and may even preempt improper use,” he writes.

Like it or not, employees are using social media, Morrison writes. So are patients, families and the public. Rather than viewing it with distrust, health care leaders ought to realize that it’s here to stay and figure out how to use it wisely and appropriately. “No matter how you want your hospital to use social media, ignoring it altogether offers neither the opportunity to benefit from its power nor protection from improper use,” he writes.
