A Dentist’s Guide to the Law. American Dental Association
Last accessed on May 28, 2014.
5 Note that where the allegations in a comment or review are demonstrably false allegations of a material fact (e.g., “this dentist has been found liable for malpractice on more than four occasions”, where the dentist had never been held liable for malpractice), such an allegation would likely not be protected as “opinion”, and in many cases would likely violate the Web host’s own terms of use, and (upon proper demand and proof of the falsity of the statement) might be voluntarily removed by the Web host.
6 The more a website is “clicked”, the more prominently (higher) it may appear in search results. With respect to a negative comment or rating, your “clicking” it (or suggesting that others do so) may actually help move the site to a higher level in a search for your practice!
7 Doctoroogle.com, “Terms of Use”, section 1. The terms of use for other rating sites contain similar prohibitions.
8 Q&A for Telemarketers & Sellers About DNC Provisions in TSR http://business.ftc.gov/documents/alt129-qa-telemarketers-sellers-about-dnc-provisions-tsr
Chapter 8.
Practice Websites
Let’s revisit and expand upon some marketing considerations for an increasingly important marketing vehicle: your practice website.
43. What Are Some of the Liability Issues With Practice Websites?
Dental practice websites can enhance the doctor-patient relationship, promote patient care and health, and be a useful marketing tool.
However, it’s very easy for a dentist with a practice website to unwittingly take on legal exposure. Among the liability issues are: malpractice (for example, if you are viewed as giving professional advice online); false or misleading advertising; trademark and copyright violations; and breaching patient privacy. This risk will vary depending on the nature of your site, the extent of interactivity, etc.
These issues often come into play when you use electronic media other than your website. For example, when you send emails or participate in Internet chat rooms, you can create legal exposure. That is not to discourage you from taking advantage of technology. Just be aware of the legal concerns, and take simple protective measures such as clarifying in a signature line on your email that you are not giving professional advice.
If you decide to sponsor an interactive area on your website such as a chat room or blog, some legal exposure can come from third party comments (for example, defamation) so you may want to check with an attorney experienced in this area before setting up an interactive site. Website operators have been sued on a wide range of legal claims, including defamation and copyright infringement, based upon the remarks of third parties. Certain federal statutes offer website operators some legal protection for from the illegal postings of third parties. A federal law called the “Digital Millennium Copyright Act” offers a website operator some immunity from the copyright violations of third party posters. In order to be immune, the website operator must comply with various statutory requirements, including a procedure for promptly removing infringing material when it receives notice of a copyright violation.
Another statute, the “Communications Decency Act,” offers interactive service providers some immunity for third party content. The immunity does not extend to claims based on copyright laws and there are certain other exceptions. An interactive service provider can itself be seen as an information content provider. As one judge stated, “Websites are complicated enterprises, and there will always be close cases where a clever lawyer could argue that something the website operator did encouraged the illegality.”9 For this reason, it helps to check with a lawyer experienced in Internet law, particularly prior to starting up a chat room or blog.
Privacy Issues Related to Practice Websites and Social Media
Stories about possible violations of patient privacy through social media have appeared in the news. For example, news media have reported that:
• A hospital took away a doctor’s privileges for an online post that included information that could be used to identify a patient10
• A hospital identified an incident involving employees who allegedly used social media to discuss patients11
• An emergency room worker posted a photo of her workstation, which included a computer screen displaying information about a patient. The patient subsequently notified law enforcement that she was the victim of identity theft12
Whether a dental practice posts a message or photo on the practice’s social media site, or a member of the dental team makes a personal post, privacy laws may be violated if the post identifies a patient, or could be used to identify a patient, and the patient has not authorized the disclosure.
Successfully managing the risks through appropriate policies, procedures and training can help dental practices benefit from social media while protecting patient privacy in compliance with applicable federal and state laws. A dental practice’s policies and procedures prohibiting improper disclosures of patient information should clearly apply in any context, whether inside or outside of the dental practice, and whether the disclosure is electronic, on paper, or oral.
The Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires covered dental practices to have reasonable safeguards in place to protect electronic patient information. The HIPAA Privacy Rule requires a covered dental practice to obtain patient authorization before disclosing identifiable patient information unless the disclosure is permitted by HIPAA, such as a disclosure for treatment, payment or health care operations. If patient information is disclosed in violation of HIPAA, the dental practice may be required to provide breach notification to the affected patient(s), the federal government, and, in some cases, the media. HIPAA violations can also result in substantial monetary penalties, where the state law and some HIPAA violations carry criminal penalties.
HIPAA covered dental practices must also comply with applicable state law where the state law is more stringent than HIPAA. Dental practices that are not covered by HIPAA must comply with applicable state law. State laws protecting patient information may include medical confidentiality laws, data security laws, and laws requiring breach notification when sensitive personally identifiable information is improperly acquired, accessed, used or disclosed. Violations of state privacy laws can result in fines, and some state laws allow individuals to take legal action.
Therefore, before posting on social media, a dental practice should carefully review the content to determine whether the content complies with applicable law. For example, a covered dental practice that wishes to post patient before-and-after photos on a social media site may be required to obtain HIPAA-compliant written authorization from the patients if the photos could be used to identify the patients. Under HIPAA, full face photos and comparable images are considered identifiers.
Even if a patient has voluntarily made his or her health information public, HIPAA and certain state privacy laws still apply to the information. For example, if a patient discusses his or her health information with the news media, or in a social media post or online rating service, a covered dental practice must continue to protect the information in compliance with HIPAA and applicable state laws.
This is not to say that a dental practice can never respond to a patient’s social media post, only that the dental practice must do so in compliance with applicable laws, and that such laws may prohibit disclosures that identify the patient. For example, in response to a patient’s post stating that her questions were not answered to her satisfaction, a dental practice may be able to respond with a general statement that does not identify the patient, such as, “We encourage patients who have