This is an open-access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/2.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in the Journal of Medical Internet Research, is properly cited. The complete bibliographic information, a link to the original publication on http://www.jmir.org/, as well as this copyright and license information must be included.
Social networking site use is increasingly common among emerging medical professionals, with medical schools even reporting disciplinary student expulsion. Medical professionals who use social networking sites have unique responsibilities since their postings could violate patient privacy. However, it is unknown whether students and residents portray protected health information and under what circumstances or contexts.
The objective of our study was to document and describe online portrayals of potential patient privacy violations in the Facebook profiles of medical students and residents.
A multidisciplinary team performed two cross-sectional analyses at the University of Florida in 2007 and 2009 of all medical students and residents to see who had Facebook profiles. For each identified profile, we manually scanned the entire profile for any textual or photographic representations of protected health information, such as portrayals of people, names, dates, or descriptions of procedures.
Almost half of all eligible students and residents had Facebook profiles (49.8%, or n=1023 out of 2053). There were 12 instances of potential patient violations, in which students and residents posted photographs of care they provided to individuals. No resident or student posted any identifiable patient information or likeness in text form. Each instance occurred in developing countries on apparent medical mission trips. These portrayals increased over time (1 in the 2007 cohort; 11 in 2009;
While students and residents in this study are posting photographs that are potentially violations of patient privacy, they only seem to make this lapse in the setting of medical mission trips. Trainees need to learn to equate standards of patient privacy in all medical contexts using both legal and ethical arguments to maintain the highest professional principles. We propose three practical guidelines. First, there should be a legal resource for physicians traveling on medical mission trips such as an online list of local laws, or a telephone legal contact. Second, institutions that organize medical mission trips should plan an ethics seminar prior the departure on any trip since the legal and ethical implications may not be intuitive. Finally, at minimum, traveling physicians should apply the strictest legal precedent to any situation.
Online social networking applications (eg, Facebook, Flickr, Twitter, and YouTube) have become the fastest-growing mechanism to exchange personal and professional information. With 85%-95% of students on college campuses using these communication mediums, and all age groups, even senior citizens, rapidly adopting their use [
Medical professionals who use social networking sites have unique responsibilities, since their postings could portray themselves in unprofessional ways [
The University of Florida’s Institutional Review Board approved as exempt a multidisciplinary team to perform two cross-sectional analyses of Facebook profiles of medical students and residents (2007, 2009). For the purposes of this study, we considered eligible all medical students (n = 501 in 2007, 528 in 2009) enrolled at the University of Florida, Gainesville, and the associated medical residents with available full names (n = 312 in 2007, 712 in 2009) employed by the Shands Hospital. Descriptive findings from each cohort have been published elsewhere [
For the purposes of this study, we reviewed sites for possible privacy violations to explicitly examine how students are using sites according to legal and ethical professional norms. Once a profile related to a study subject was found, any potential violation within a site was counted as one, even if a profile had multiple representations. For private sites, where optional Facebook privacy settings can limit non-“friends” from viewing part or most of the site, study authors reviewed only the profile photograph(s) and available content on their front page, where Facebook users can choose to list information such as name, address, and favorite hobbies. For publicly available profiles (n = 233, 62.6% in 2007; n = 95, 14.6% in 2009), we manually scanned all information, including all scrolled wall posts in text form and extensive albums for photographs, for patient information, such as names, dates, and procedures, photographs of patients or procedures, or any mention of patients. We also recorded available demographic information of the subjects (gender, year in training, relative age of subject). At the end of the study, in September 2010, we reviewed the sites that had potential privacy violations; all sites were now private and could not be reviewed. We performed our analyses using SPSS PASW Statistics, version 17 (Chicago, IL), and we accepted a level of significance of
Enrollment of medical students and residents’ Facebook profiles
A significant proportion (49.8%) of medical students and residents had profiles (n = 1023 out of 2053 eligible students and residents). Students and residents increased their use of Facebook, with 44.5% using Facebook in 2007 (n = 362 of 813), compared to 52.5% in 2009 (n = 651 of 1240,
In each of these groups of photographs, the profile owner was apparently on a medical mission trip, performing health care in another county. These photographs were placed in photo albums that the profile owner explicitly labeled (eg, “mission trip” or “Dominican Republic”), giving the viewer a context for understanding where they are from. Among “private” profiles (n = 701), two displayed themselves on their profile picture with identifiable patients, which is the information first available on any profile when a user peruses Facebook profiles. For those with publicly available Facebook profiles (n = 328 total, 233 in 2007; 95 in 2009), 10 additional sites had potential privacy violations within their profile’s photo albums. Photographs included trainees interacting with identifiable patients or performing medical examinations or procedures such as vaccinations. Of note, in each photograph, the recipient of the care was a child.
Example of a potential violation of patient privacy
Example of a potential violation of patient privacy
Example of a potential violation of patient privacy
Example of a potential violation of patient privacy
This study reveals that students and residents place protected health information on their publicly available social networking sites. This exposes significant concerns with the ethical and legal aspects of patient portrayals, a problem well debated with cyberspace issues [
Medical mission trips offer an opportunity to trainees and doctors alike to learn to practice medicine outside of the highly technical US hospitals and to gain personal satisfaction in treating patients who may otherwise not have access to care. However, these acts of compassion or benevolence should not be available for public or private discussion or viewing outside the context of the doctor-patient relationship. Medical trainees and providers at all levels need to apply legal and ethical practices of patient privacy at all times of their working careers. We believe that photographs of patients from medical mission trips are unethical and unprofessional, yet, due to variances in established international and emerging Internet law, they are only a possible privacy violation.
HIPAA (1996) [
Like the legal aspects, the ethics involved are multifaceted. In speaking to the responsibilities of health care providers who place patient information online, social networking sites challenge the difference between public and private information. In fact, one might argue that, while these sites are public, users are likely operating under the expectations of privacy [
Additional ethical considerations may question what duty that we, as authors, have in collecting and analyzing data obtained from public online social networking sites [
We make the following recommendations. First, there should be a legal resource for physicians traveling on medical mission trips such as an online list of local laws, or a telephone legal contact. To our knowledge, this does not exist. Second, we believe institutions that organize medical mission trips should plan this type of ethics seminar prior to the departure of any trip, since the legal and ethical implications may not be intuitive. Further, while an understanding of local privacy laws prior to departure on a medical mission trip would be ideal, it is nonetheless, at minimum, advisable to be cautious and apply the strictest legal precedent to any situation. For example, physicians should never write any patient information in text form or use a full-face photograph of a patient receiving any treatments. If photographs of individuals are desired, written consent should be obtained (although the wording of such documents may still not be legally defensible in that country). Additionally, subjects should only be shown in profile or in shadows, or physicians/medical professionals should use photo editing software to deidentify patients’ faces (see
This study has several limitations. First, this study was performed at a single institution, where it is possible that the students and residents with patient portrayals did in fact receive permission from the individuals that they photographed. However, no acknowledgement or supportive information regarding this consideration was available on the individual profiles. Second, while it appears that medical students are more likely than residents to post content that may violate patient privacy, this likely is a function of the structure of medical school in which students in their fourth year have the most time for trips overseas and their younger age [
As a profession, we have made considerable strides to protect patient privacy. We have not, however, adequately impressed upon students and residents that online social networking sites and blogs are, in essence, broad communities with a public audience. They are arenas, such as medical mission trips, in which patient information must be guarded just as it would be in any health care situation. Future studies should explore the motivations behind such postings, but we believe the observations found in this study merit swift action, since the nature of social networking sites allows for immediate assumptions by the observer, whether or not these assumptions are formed within the context that the profiler intended. Medical mission trips require the same high professional standards of patient privacy that all medical situations require, whether in a highly technical US tertiary care center or in a rural medical clinic in another country.
We would like to thank the Office of Privacy at the University of Florida, specifically Susan Blair and B Dianne Farb, JD, for their careful review of this manuscript. Publication of this article was funded in part by the University of Florida Open-Access Publishing Fund.
None declared
All of the authors are responsible and qualified for the reported research. They have all participated in the concept and design, analysis and interpretation of data, and drafting and revision of the manuscript and approve the manuscript as submitted. All of the authors have had full access to all the data in the study and take responsibility for the integrity of the data and the accuracy of the data analysis. None of the authors, to our knowledge, have any undisclosed affiliations, conflicts of interests, or financial arrangements with any organizations mentioned in the manuscript.
Health Information Portability and Accountability Act