Ok, #1: If you are outside of the US, you do not follow HIPAA. HIPAA is a US law. Other countries may have their own versions of patient privacy laws, and they probably differ from ours, so be sure and find out what your country’s standards are.
#2, if you are a medical person who is working or studying in a country that is not your own, you should adhere to that country’s guidelines for patient privacy. If that country’s guidelines are fairly loose, no one would blame you for following stricter rules. If the country you are in does not have patient privacy guidelines, the ethical thing to do would be to follow cultural norms there while also still protecting patient information. For example, when I travel, I do not share patient information (patient’s name, condition, labs, etc) with anyone other the patient unless the patient tells me I am free to do so. This is a bit hard when you work in hospitals that have large open wards, but it’s still possible.
And now a little summary of HIPAA: the whole point of it is to minimize the number of people who are given access to patient information and identifiers. Protecting patient privacy is a lot more than not sharing their name. It covers any information that could be used to identify a patient. For example, say my practice has a patient with an extremely rare congenital disorder. Now if I were to say what kind of disorder this patient had, or if I told you where my practice was, it would potentially be very easy to identify them, right? This is why in my own blog I often leave out specific details of patients’ stories, or I change their demographics in some way, or I change the time frame that the event occurred (yeah, most of the time when I say something happened “yesterday”… it didn’t) so as to blur the lines a bit and make them even less identifiable.
The easiest way to keep your patients’ identities secret is to keep your own identity secret. I say easy, but trust me, it’s hard to stay anon. I’m certainly no expert on this, and I flub it up all the time. Cranquis would definitely be the best model to follow for blog anonymity out there. That man (or is he?) is paranoid about being identified.
But total anonymity is not required to be HIPAA compliant online.
Here are some major guidelines to follow:
I come across many med student/MD blogs. I know doctors are only human and need to vent or share their experiences too. Still, do you ever wonder if these blogs may affect the way patients view and trust doctors? -secondworldwarineurope
Well so far I haven’t had a patient ask me if I was “one of those blogger doctors,” so I can’t be entirely sure, but yeah, it probably does affect some people. You gotta remember though—most patients (mine at least) aren’t trolling the medblr tag on Tumblr to see if their doctor wrote something about them.
I can’t say that our blogs contribute to people’s perceptions of doctors any more than medical tv shows and tv docs like Dr. Oz do. I feel like those things give us just as bad reps as our blogs potentially could. My hope for these blogs is that they would help patients to see doctors as humans. For many years, doctors were seen by many as demi-gods, and were held to impossibly high standards.
To some degree, we still are. Some docs like to be seen that way. Personally, I don’t want my patients thinking I’m better than them in any way, because guess what? I’m not.
Medicine is SUCH a stressful career, and if patients hold us to a standard of perfection, the burden will become unbearable. But if our patients realize through our blogs that we are imperfect, stressed out, insecure, caffeine-addicted, relationship-challenged, quirky, but yes, very smart, people, then we have some hope of living somewhat normal, unburdened lives.
And you’re right, docs do need a place to vent. Doctors have been writers for hundreds of years, and they were being careful about what they wrote long before the institution of HIPAA. Pastors write about congregants they’ve helped, lawyers write novels based on interesting cases, and cops shows and books are a dime a dozen, but for some reason the ethics of doctors writing about their day at work is always in question.
I’m always worried that my blog will be found by my residency program or by my hospital. Honestly, I’m not nearly as careful with my anonymity as I should be. It’s very difficult to write about the things you really want to write about and still be completely anonymous. But my hope is that one day, we won’t have to hide.
There’s a scene in Elementary where Dr. Watson is talking to her therapist and hesitates to talk about Sherlock, and her therapist says “my confidentiality protects your confidentiality.” Watson’s not technically Sherlock’s doctor, but I was wondering if that’s really true in the case of HIPAA. Could a medical professional divulge potentially identifying information about their patients to their own psychiatrist? Does their confidentiality really “protect” yours? -asortoflight
I’m not so sure about that. The rule is pretty much don’t give identifying patient information to anyone other than the patient or people who they permit you to share with. I suppose Watson could talk about Sherlock and not give away identifiers, though. But no, doctors shouldn’t be telling other doctors about their patients unless it’s a consult situation or a group practice type thing.
Now in my (and Cranquis’ and all the other TOADS) case, our anonymity does protect our patients’ anonymity. Sure, we change demographic information, but even if we didn’t, it would be very difficult to identify our patients without knowing who we were or where we lived or worked.
My question is if you know or know of places I can find some regulations in regards to posting medical-related materials such as photos of injuries or operations that i find educational. I’ve come across several tumblr and even photos on fb depicting an open heart surgery and would like some clarification on policies in regards this. Thank you! -foolstodustydeath
Hey friend, thanks!
So when taking or collecting photos of patients, a few rules apply almost everywhere:
1. You should not be able to identify the patient by the picture— all patient identifiers (numbers, dates, locations) and distinctive features (tattoos, scars, face, etc) should be covered.
2. If you’re taking a picture of a patient, you should have their written consent to do so and to use it in an educational setting.
3. Many hospitals require you to call a hospital-employed photographer to take these pictures to ensure proper use of them.
4. Even if you’re keeping them just for personal use and studying, they have to be de-identified in case your computer/cell phone/whatever gets “intercepted”. If not de-identified, the data should be encrypted or password protected.
5. Don’t post them on social media sites. Just don’t do it. You take a big risk in doing it. If you post patient pictures (even anonymized) on a site with your name on it, you could lose your job, get kicked out of school, get sued, etc. It happens, friends.
**For CTs, X-Rays, EKGs, and other imaging studies, I think you can generally use the images as long as patient identifiers are removed. I have my own personal collection of interesting x-ray and CT findings as well as a notebook full of EKGs to study by, but all have been de-identified.
I’m not sure if the official HIPAA rules touch on this subject or not. They stay pretty general and mostly just talk about keeping information de-identified. For more specifics on what it means for something to be anonymized or de-identified, check those HIPAA rules above. Also check with your school administration or hospital legal department and find out the policies specific to your area.
I simultaneously started posting more medical stuff and started rapidly gaining followers, so I just thought I’d be more free to tell my stories if I was anonymous. Plus Cranquis made me all nervous about the legal implications of not being anonymous.
Well then I wouldn’t be anonymous anymore, now would I?
No, I wasn’t. I’ve had this blog for 4 years and I’ve only been anonymous for the last 10 months or so. But I’ve very carefully removed all pictures of myself and references to my location & school from the blog.
Why, you likey the pictures, anon?
I guess I picked up the secrecy thing from Cranquis. Mainly, I just feel safer telling my patient stories (though I do change demographic information on them) if people don’t know who I am or where I’m located. That makes it much harder to figure out who these patients are and keeps me more HIPAA compliant. It’s mostly paranoia, but considering how litigious our society is, it may be worth it. Plus, I’m just a medical student right now. I don’t want to jeopardize my future or my career by getting hit with a HIPAA violation.
When I only had a handful of followers (all of whom know me in real life), I didn’t care, but when my blog sort of exploded and I got a ton of followers, I decided to make it anonymous.