Chapter 3: An Introduction to Social Media Standards for Mental Health Professionals
Part 2: Social Media Risks for Psychologists
Confidentiality, Psychologists, and Social Media: A Slippery Slope
Let's start with an example lawsuit. Say you've just penned a memoir about your experiences counseling people with personality disorders. Naturally, the book is peppered with real-life cases, but you've taken care to change patient names, so you didn't ask for their consent first. Though you may think that's enough to protect your patients' identities and not run afoul of HIPAA, you are mistaken. After the book's release, a patient contacts you, recognizing their counseling session detailed in the freshly printed pages. They decide to sue you over violating their publicity rights, breach of privacy, and defamation.
Seem farfetched? Such a case happened to a doctor who treats patients for drug addiction. According to American Medical News, Michael Stein was sued by a former patient for using her case in his book without her permission, even though he changed her name.
Psychologists can be sued if they fail to get a former patient's consent before publishing details about their case, even if identifying information is redacted.
Now consider this: when publishing a book, readers, editors, and publishers carefully vet those pages before anything is printed and distributed for public consumption. There are simply more opportunities to catch errors and double-check content before its release.
But with social media, it only takes a second to publish an anecdote about a patient. And if it's an off-the-cuff blog post or tweet, there's even less of a chance that patient consent was obtained prior to its publication.
When you factor in HIPAA regulations and the APA's Ethical Principles, you can clearly see how blogging or posting about patients on social media can land your psychology practice in the crosshairs of a lawsuit.
According to the APA, psychologists are obligated to take reasonable precautions to protect confidential information. And HIPAA details 18 identifiers that medical practitioners can't include in any published documentation about past medical cases that a patient hasn't authorized. These identifiers include…
- Patient names.
- Geographical location.
- Dates of treatment.
- Birth date.
- Facial photograph.
- And more.
HIPAA lists 18 identifiers that can't be included in published documentation.
The National Center for Biotechnology Information (NCBI)'s Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research states that even with the removal of all 18 identifiers, studies found that it's still pretty easy to re-identify individuals with today's technology.
Next: What Psychologists Should Know about Defamation Lawsuits