Medical blog can invade patient privacy

July 29, 2008

HIPAA rules expect the utmost in patient privacy, even online.

Medical blogs may threaten patient privacy, according to a new study published online in the Journal of General Internal Medicine. The Robert Wood Johnson Foundation and researchers at the University of Pennsylvania examined content from 271 medical blogs and found that more than half contained enough information to reveal the author’s identity.

Although researchers say that overt violations of patient privacy are rare, “anonymous” medical bloggers who provide information about their location, subspecialty or other personal details inadvertently reveal their identity to patients, colleagues or other members of the public. In some cases, patients described in these blogs may be able to identify themselves.

MHE Editorial Advisor Joel V. Brill, MD, chief medical officer of Predictive Health LLC believes that managed care executives can help by developing a policy to address appropriate corporate policies regarding official and unofficial posts.

“Companies may wish to monitor what is being said about you and what your employees are blogging about,” Dr. Brill says. “Although this [research] addresses privacy issues by physicians, it is just as important from a corporate perspective, especially if your employees are inadvertently providing information. Once it’s out on the Internet, it’s accessible to all.”