- Professional and legal obligations apply on social media.
- Understand the privacy settings on social media platforms and review periodically.
- Obtain and document patient consent to use any patient information, even if it is de-identified.
- A social media post is in existence forever. If in doubt, don’t post.
Using social media
Social media offers hundreds of platforms, ranging from
professional networking sites, social networking platforms,
blogs, microblogs and content-sharing platforms. Referral tools,
discussion forums, message boards and messaging platforms all
fall within the broad category of social media.
It can be great for networking, establishing a professional
presence and sharing information. Be aware of your professional
and legal obligations to ensure you make the most of social media
and avoid inadvertent breaches.
Key issues to consider:
- Your professional and legal obligations in your use of
- Privacy – each platform has different privacy settings and
defaults that change periodically, so review these regularly.
- Posts – even those you think are private, could reflect on
your professional reputation if seen by a patient, colleague,
employer or potential employer.
- If you are an employee, you are obliged to comply with your
employer’s social media policies.
Legal and professional obligations
As a doctor, you are required to adhere to standards of
professional behaviour primarily contained in the Medical Board
of Australia’s Good Medical Practice: a code of conduct for doctors
The code of conduct includes how doctors should use social
media as well as traditional forms of communication. You
are expected to conduct yourself in accordance with the
responsibilities set out in the code. These include:
- maintaining patient privacy and confidentiality
- standards of professional behaviour
- the way you care for and communicate with patients
- advertising of your professional services.
Social media is designed to connect people. It often uses other
platforms and internet capabilities to identify existing links
between people. While you may think personal and professional
personas are different, your social media profile will often connect
the two. Your private actions may reflect on your public persona.
Always assume that at some stage a patient or colleague will be
able to see your social media posts. Consider whether you are
comfortable with that before posting.
Consider who you 'friend’ or share information with on social
media. Always be sure of the identity of people whose friend
requests you accept. Do not accept friend requests from patients.
If you do receive such a request rather than ignore it, send a polite
response such as 'unfortunately due to hospital/practice policy
I am unable to accept a friend request from a patient’.
Try to control when photos of you are posted. Ensure you also seek
consent from anyone who is in a photo you post.
The code of conduct also includes professional obligations,
for example, your responsibility to promote the health of the
community through health education, disease prevention and
health promotion. Posting images or comments that could be
seen to endorse activities and behaviours such as excessive
alcohol consumption, drug use, violence or anti-social behaviours
could not only damage your professional reputation but could be
in breach of your professional obligations.
You may be contacted by people seeking information or advice
from you in response to your social media presence. Develop a
strategy to respond to this. For example, refer them to their own
treating doctor for any clinical advice in the first instance. If they
ask to see you as their treating doctor and this is appropriate,
ensure that a formal doctor/patient relationship is established
before any treatment is provided.
Privacy and confidentiality obligations
As a general rule you have a duty of confidentiality in relation to
any information about your patients.
Be very cautious about posting images of or information about
patients. Never post any patient information on social media
without specific consent, even if the image or information is
apparently de-identified. If you do have consent, document this
in the patient’s clinical records.
Be aware of inadvertent breaches of privacy and confidentiality.
For example, there may be identifying information relating to
patients or staff in the background of a photograph. The metadata
of an image may also contain identifying information.
Be wary of platform defaults, such as granting permission to
access address books, as this may allow access to confidential
patient contact details. Check the terms and conditions of
websites before signing up, including whether the site will access
email addresses in your database.
Know your audience and security settings and remember to
review these regularly.
Some platforms are completely public so should be used
cautiously. Even on platforms with privacy settings, certain parts of
your profile, such as your name, profile photo, friends list, gender,
geographic location and pages and networks to which you
belong, may be publicly available and not protected.
Even if you remove content from some social platforms, copies
of that information may still be viewed elsewhere if it has been
shared with others. Assume that if you post something online
it will become public and you may not be able to delete it. If in
doubt – don’t post.
Sharing information via social apps
Sharing information, particularly with international colleagues,
can provide a virtual corridor consultation with an expert or to
aid in diagnosis.
If clinical images or information from a patient’s medical record
are shared with colleagues for their clinical opinion, it is important
to carefully record what image or information was shared to track
what the opinion was based on when making recommendations
for the patient’s treatment. Always seek and document permission
from the patient to share their information and images with
colleagues, even if you believe it has been de-identified. There
have been instances of patients identifying themselves, or being
identified by friends or family, from information or images posted
Even in a closed group or private messenger function, the risk
of breaching patient confidentiality is high with potentially
serious ramifications. Images and information can become
stored on a number of people’s devices and while the person
who sent the message may delete it, there is no way of knowing
or guaranteeing that all recipients will delete it. Given the
connectivity between apps and platforms on devices, there is also
the risk of an image or information being transferred inadvertently
to a different app or social media platform.
As an employee, for example of a hospital or at a medical centre,
be aware of your employer’s social media policies. Policies
will generally prohibit using social media in a way that would
breach any law (including privacy, defamation, confidentiality,
discrimination or harassment, intellectual property, competition
and consumer laws), or that would bring your employer into
disrepute. It may also prevent comment on workplace matters.
In a hospital setting clinical records and information are owned by
the hospital, so even with patient consent the hospital’s policies
may prohibit posting on social media. Unauthorised posting could
contravene your employment obligations. Other workplaces
such as medical clinics may also have social media policies or
expectations, so ensure you know if this is the case and familiarise
yourself with them.