Does the Use of Social Media, Technology and Electronic Exchange of Health Information Pose Risks?

Assistant Vice President, Risk Management Group
AWAC Services Company, a member company of Allied World

Whether it is how we connect with colleagues, family, and friends, perform research, advertise, shop, or simply keep abreast of world events, it is safe to say most of us use social media and technology. The growing popularity and utilization of technology has also impacted healthcare and its delivery as physicians and hospitals alike integrate the use of technology into their practice areas. In fact, the utilization of technology platforms surged during the COVID-19 pandemic and continues to be effective and invaluable to healthcare professionals.

This article will focus on the use of technology and social media in a healthcare setting, along with the risks associated with them, including the exchange of health information.

How Do Consumers Use Social Media and Technology in Healthcare?

privacy buttonMore than half of the world’s population uses some form of social media and 82% of the U.S. population currently uses a popular social media platform.These sites serve to pepper the consumer with information available at their fingertips and in real time. In the business world and in healthcare, social media is a popular tool that is used to evaluate and review products and services. Social media utilization by healthcare consumers increased by 61% during the first wave of the pandemic, including by patients who had not previously used social media. Consumers today thrive on the ability to access healthcare records, communicate with providers, and perform their own research related to medical concerns.2

This utilization of technology and social media by consumers also provides the following benefits to healthcare providers:

  • Creation of a social connection network
  • Ability to provide valuable information and reach patients
  • Curtailing of misinformation
  • Real-time access to health information

How Can We Benefit from Technology and Social Media in the Healthcare Setting?

Patient Portals

Patient portals are a popular technology resource offering patients and providers the opportunity to “connect” in a secure environment. By design, patient portals are HIPAA compliant and offer a closed environment to ensure professional exchanges of information occur confidentially. The use of portals adds an extra layer of protection, known as encryption, when sharing Protected Health Information or PHI.

Repeated encouragement and promotion of patient portals provides patients with real time access to their health information which in turn can foster good communication and patient outcomes. The top reasons patients use portals are to obtain lab results, request prescription refills, to make an appointment or message their provider. Patients appreciate the ability to reach out between visits and the convenience of asking questions and receiving timely responses.

Social Networking Forums

The benefit of social network forums, such as Doximity and DailyRounds, allows providers to engage in collaborative chats amongst peers and facilitates professional development and research in an easy-to-use setting. Participation in social networking sites can support and enable the creation of a professional online presence, foster relationships with peers, and affords opportunities to disseminate health communication and messages.

Telehealth Platforms

Providers should be familiar with some of the common telehealth platforms, such as, SimplePractice, VSee and Zoom for Healthcare. These platforms are vital tools to provide a seamless delivery of healthcare. They offer additional options for patients living in remote areas or who may be homebound. Telehealth offers better access to providers and may reduce unnecessary non-urgent emergency room visits.

Note: Allied World and American Professional Agency, Inc. do not endorse or recommend any particular products or services.

What are the Potential Risks Related to Technology and Social Media and How do I Mitigate Them?

Although we have talked about the benefits of the various social media, telehealth, and patient portal tools available to physicians today, these technology sources also present potential risks to both patients and providers. The most common risks include privacy, boundary, and professionalism concerns. When using social media or technology platforms, it is important to consider professional obligations to patients and associations you belong to and remember the nine Principles of Medical Ethics still apply in the technology space.3

Privacy Considerations

  • We must remember the ability to access records and engage in real-time communication may also compromise privacy. You may encounter a patient who reports difficulty accessing the patient portal and subsequently requests to email you instead.

– It is recommended to avoid the use of email outside the secure patient portal to ensure a patient’s privacy is protected and there is no unintended disclosure or access to PHI in a non-secure environment.

– In the event you do not use a patient portal system, it is best practice to use a patient consent form which acknowledges the risks associated with using email.

– Keep emails succinct and with only basic information. It is suggested email be used only for scheduling appointments or billing inquiries.

– In the rush to quickly communicate to patients, it is easy to make mistakes and inadvertently send an email to the wrong recipient. Make sure to double check your recipients before you hit send.

– When sending mass emails to patients, make sure that you place all the email addresses in the blind copy [BCC] column.

  • Physicians often use social media appropriately; however, there have been instances when it has been misused by sharing images, emails, or texts, which may result in an unintended disclosure under HIPAA.4
  • Social media forums can be a great way to “blog” about medical issues or case studies. As medical professionals, it is important to ask ourselves, is there any way for my patient to identify themselves? If the answer is yes, it is best to avoid posting.
  • Be familiar with your privacy settings. You can customize your settings to hide comments, adjust to “public or private,” and other options to control your account.
  • Social media can be a forum for patient education or marketing for one’s practice. The downside of social media forums is that patients may provide both good or bad feedback and replying may cause an inadvertent breach of the patient’s confidentiality. Don’t be tempted to respond to online reviews or comments as this may implicate you and potentially divulge a patient/provider relationship resulting in a potential HIPAA privacy violation.
  • Remember, social media platforms are not HIPAA compliant and therefore, any patient attempts to reach you in this environment should be directed back to your office, website, or patient portal. Know that privacy remains a top concern for both medical providers and consumers alike.

Boundary Concerns

  • It is best to avoid any patient “friends” or “followers” with your personal social media accounts. This will assist in protecting you from any assumptions about your relationship and protect you from a potential privacy breach. This practice should be adhered to by your staff as well to avoid any connection to your practice which could result in a HIPAA violation.
  • If you have a professional social media account, it may be more acceptable and expected that your patients will “follow,” “comment,” or even “like” your posts; however, caution should still apply with your responses. Professional boundaries may be obscured when social media forums involve interactive dialogue and therefore it is recommended to limit interactive chats to avoid misinterpretation and refrain from offering medical advice, such as questions to a special medical issue or concern.


Another reason to be cautious when posting any personal responses on social media forums is that posts may be misinterpreted and may lead to a lack of trust between the patient and physician. Practice the same standard of professionalism with all interactions no matter which venue you are using for communication. As an example, with the increased use of telehealth visits, the “office” environment has become more casual. It is important to reinforce your practice guidelines and expectations no matter where the visit is taking place.


Technology is here to stay and is integrated into the delivery of healthcare today. A recent study reported, 60% of the time people who use social media say they trust posts by their doctors, while 55% trust hospital posts. These results confirm people are paying attention to and responding in the social media space.5 It is important to understand how to interact with social media and technology safely. The same professional and ethical standards should be applied regardless of the setting. Also remember, your digital footprint is permanent and may be used in legal proceedings. When in doubt, it is always best to consult your risk management professional or legal counsel.



About the Author

Cara Staus provides risk management consulting services to Allied World’s medical professional liability policyholders and insured psychiatrists, psychologists and psychiatric nurse practitioners and physician assistants. She works directly with policyholders to develop individualized action plans to mitigate potential loss based on their unique exposures and risk management needs.  Additionally, Cara assists these clients with ongoing medical educational programs as well as policy and procedure review and development