Emails, Texts and Social Media: What Physicians Need to Know

1

Today’s Learning Objectives

By the end of today’s program, you will be able to : • Identify the risks to patients’ privacy which

email, text messaging and social media pose

• Recognize the malpractice risk associated with using email, text messaging and social media

• Assess best practices to follow if using email, text messaging and/or social media

2

A QUICK SHOW OF HANDS:

If your practice had a secure patient

portal, would you use it to post

patient test results? 3

4

WHAT WE ARE TALKING ABOUT TODAY?

Defining our terminology:

5 5

Emails, texts, & instant messages

• About patient care • Not in a patient portal

6

Patient Portal

The part of your IT system that allows for secure communication about patient’s health information.

7

Social media Websites where users:

• connect online

• comment on, or reply to comments

• rate information

• post information, pictures or videos

8

Who am I communicating with?

• Patients • Consultants • Internal • Other

facilities

9

10

WHAT ARE THE RISKS? Electronic communications:

11

RISK 1: Not capturing all patient care in the medical record.

12

13

RISK 2: Nothing is anonymous. Everything is discoverable.

14

15

RISK 3: Accidentally establishing a physician-patient relationship.

16

17

RISK 4: HIPAA & Privacy Breaches

18

How much do you care that only you have access to this information?

19

RISK 5: Angering your patient

20

21

22

RISK 6: Damage to your professional reputation

23

24

25

RISK 7: Legal and ethical considerations

26

27

28

WHAT NOT TO DO Mitigating Electronic Communication Risk:

29

Beware of red flags

DO NOT:

– Provide medical advice or comment on medical issues through social media websites or other websites such as healthtap

– Text orders

– Use abbreviations

– Use for emergencies

30

Avoid angering patients

Do not: • Discuss sensitive subject matter

• Discuss patients “anonymously”

31

Protect Privacy

Do not: • Email or text message a patient from a personal email

address or phone number.

• Message or post any PHI anywhere unless it is: – Encrypted – Limited to those who should have this information

• Post in response to unfavorable comments online

32

Avoid legal issues

DO NOT:

– Post any confidential or proprietary information

– Comment on legal issues

– Post content that is not your own without express written permission

– Refer to financial or other relationships you may have with professionals of products or services

– Refer to products or services of third parties that you discuss or review online.

33

Protect your identity

Do not: • Allow any other person or entity to use your identification

for posting or viewing comments. 34

Act ethically

DO NOT:

– Engage in bullying or discrimination

– Post anything that is defamatory, libelous, threatening, harassing, abusive, obscene, knowingly false or otherwise inappropriate

– Post advertisements or solicitations of business

– Post chain letters, spam or pyramid schemes

– Impersonate another person

35

WHAT TO DO Mitigating Electronic Communication Risk:

36

Remember it’s discoverable

DO:

• Recognize that anything said or otherwise posted on social media websites is in the public domain and potentially subject to discovery.

37

Integrate your systems

DO: • Ensure all communications get into the

medical record in a timely manner

• Make it easy to do

• Establish safeguards 38

Accept limitations

DO:

• Utilize in person or over the phone communications when the subject matter calls for it

• Ensure diagnosis and treatment takes place in person.

• Remember you are not in control of what happens after you hit send/submit

• Watch your tone and be on the lookout for miscommunications

• Be sure to read things before you hit send

39

Protect privacy

DO:

• Encrypt it, and use patient portals when available.

• Just because the patient identifies themselves, doesn’t mean you can.

• Use privacy settings on social media, email, etc. • Remember, unencrypted emails, texts and social media present

a higher risk for breaches, and are not HIPAA compliant unless additional steps are taken to protect PHI and you have the patients written permission.

40

Keep it professional

DO:

• Recognize that behavior on social media websites reflects not only on the individual, but on your practice, colleagues, and the medical profession

• Use disclaimers. An example: “The views expressed here are solely the author’s and do not represent the opinions of [practice name].”

• Use common sense: If in doubt, do not post it.

• Inform the compliance officer if a colleague’s social media behavior is inappropriate.

41

Set rules

Do: • agree what is and isn’t acceptable • formalize your rules • ensure all staff understand and follow them

42

Get permission

Do: • Get signed permission from patients before

using e-communications 43

HOW TO GET STARTED

44

A QUICK SHOW OF HANDS:

Are you confident that you know what

kind of electronic communications are occurring in

your practice? 45

ASSESS WHAT YOU KNOW

• Be sure you REALLY know: – How am I communicating? – Who am I communicating with? – Where am I communicating from? – What am I communicating about? – Why are we communicating this way?

• Keep an updated record

46

A QUICK SHOW OF HANDS:

Are you feeling overwhelmed by all of this information?

47

EVALUATE YOUR STRATEGIES Decide on the do’s and don’ts, and formalize them into a policy for your practice. • Cover:

– Texting, email, social media, patient portals – Personal and professional accounts

• Have everyone sign the policy to show they are

aware of it

48

MANAGE YOUR PROCESSES • Update your processes:

– Who can do what? – Who do I inform if something is wrong?

• Train:

– Doctors – Staff

• Get patient consent in writing for texting,

email, and/or patient portals 49

MEASURE AND MONITOR

• Are you: – Following your own rules? – Reviewing your policies at least annually? – Still meeting your practice needs? – Conducting ongoing training when needed?

• If so, celebrate!

• If not:

– Repeat: Assess, Evaluate, Manage and Monitor – Consider disciplinary action

50

QUESTIONS?

51

Our final takeaways:

• Know what is actually happening in your practice

• Set rules about what should and shouldn’t happen

• Make sure everyone understands the rules

• Monitor and revisit– technology changes rapidly!

Thank you for joining us today!

How to Claim CME Credit

– Claim credit at https://cme.ama-assn.org/ by July 31, 2017.

– Use access code 7777. – Questions? AMA staff will be available in

the Crystal Ballroom Foyer to provide assistance. You may also view the following online tutorial: http://bit.ly/CMECredit.

53