Friday, August 08, 2008

Medical (Blogger) Malpractice

U. S. News and World Report noted yesterday an article in the Journal of General Internal Medicine on medical blogs. According to the U.S. News article, "The researchers analyzed the contents of 271 medical blogs and found that 56.8 percent contained enough information to reveal the author's identity.” Worse, “In some cases, patients described in medical blogs may be able to identify themselves, the researchers said. For example, three of the blogs in the study had recognizable photos of patients, including one with an extensive description of the patient and links to photos.”

There were other issues as well – advertisements on sites, for example, including some within the texts of posts – but the issues of privacy were certainly cause for the greatest concern.

I found it interesting, and even a bit absurd, that there were concerns about the author’s identity. If someone is sufficiently determined, it’s hard to remain absolutely anonymous as a blogger. Granted, I’m marginally anonymous here; but I’m not at all at the other site where I post. But even without that reference, it wouldn’t be that hard to narrow down where I find my ministry.

Did these medical bloggers instead believe that maintaining their own anonymity was somehow a substitute to maintaining the anonymity of any patients they might discuss? That might seem reasonable in discussing the common cold or even diabetes – conditions affecting so many that even some pretty specific characteristics might apply to lots of folks. On the other hand, even that can only go so far; and the less common the diagnoses discussed, the less value the anonymity of the physician would have.

Physicians and other professionals in health care write about patients all the time, for articles and presentations, or case studies, or teaching purposes. It’s common enough to discuss specific patients, and the means for protecting identity are clear enough. For example, in the normative case study form used in Clinical Pastoral Education, the Verbatim, most training centers of my acquaintance call for use of the patient initials only, even those the document will only be shared with other chaplains. It’s easy enough, when preparing for publication or presentation, to leave out or disguise information sufficiently to prevent identification. In some cases, it’s possible get the permission of the patient. It’s easy enough, too, to decide that if you can’t do those things, you can’t use that patient, that case.

This is not a new consideration. Professionals have been showing this level of respect for patients and their privacy for a long time. Even in research protocols, where publication is a reasonable expectation, there has long been expectation that potential participants would be given information about that before agreeing to participant. This summer one potential CPE blogger let me know not to expect anything about CPE on that blog, lest the blogger say too much.

But surely the issue is more pertinent now. Under the Health Insurance Portability and Accountability Act (the infamous HIPAA), a provider who violates the privacy or confidentiality of a patient’s protected health information (the difference is basically whether the means of violation is written or verbal [privacy] or electronic [confidentiality]) is liable for prosecution to the tune of $25,000 per incident. That might be $25,000 per inappropriate post. It might even be $25,000 per viewing – that would have to be determined, I think, in an actual case. One would think the providers would be especially careful, if only for their own protection.

I do suppose, though, that there’s one benefit to being able to identify the “anonymous” medical blogger. Any provider so inept or careless as to violate patient privacy this way needs to be identified, just so the rest of us have the opportunity to choose another provider.

No comments: