The Aesthetic Guide is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Patient privacy: When social media bites back

Article-Patient privacy: When social media bites back

Alex ThierschStreaming live video and engaging people via social media are excellent marketing strategies. But for the cosmetic practices that use them, these marketing approaches are also risky.

Very risky, according to Alex Thiersch, an attorney and partner at ByrdAdatto, and director of the American Med Spa Association, in Chicago.

“We’re seeing these incredible advances in marketing, particularly through live video streaming,” Mr. Thiersch says. “Doctors are using Twitter, Facebook, Instagram, Snapchat and all those things and getting these huge followings. But there are risks associated with that when it comes to patient privacy advertising and making true statements.”

Essentially, he says, technology is moving faster than the laws governing it, and doctors might not know when they’re crossing the line.

“These are things that even five years ago, we would have never imagined. It’s as if we’re trying to keep everybody on the road, even if the road itself hasn’t really been defined,” he says.

NEXT: The Live Stream


The Live Stream

Mr. Thiersch says people in cosmetic medicine are debating potential legal and ethical issues cosmetic surgeons might face when they live-stream their surgical procedures.

Consent issues are at the top of those concerns, Mr. Thiersch says.

“Is it ok to be talking about patients on social media with the public at large?” he says. “What we’re seeing is the doctors will live-stream their surgeries, and they’ll answer questions from the audience, which can be a substantial amount of people — 10,000, 20,000 people.”

Sure, that’s great publicity. But it’s a landmine for consent problems. One example: When the audience starts asking questions about a patient or procedure, it’s easy to go off-topic and talk about things to which the patient might not have consented.

To avoid these consent issues, cosmetic surgeons have to be careful to have a consent form that covers everything that could potentially happen when doing such things as live-streaming a procedure.

“It’s very important to have a lawyer look at your consent forms before you engage in one of these things. Having a healthcare lawyer who is familiar with aesthetics is the most important thing. These are issues that don’t often come up in other medical practices,” Mr. Thiersch says.

With social media, the minute a doctor or staff member releases something online, they can’t get it back, completely.

“Even if a patient decides he or she no longer consents to something, you can withdraw it from your website, from your social media feeds, but it’s still out there. You have to make sure that your consent form reflects that that is going to happen, and patients need to consent to that,” Mr. Thiersch says.

And there are horror stories. He knows of one that had to do with before and after pictures on a website. The same could happen on any social media platform. The vendor who was posting a before and after photo of a woman’s breast augmentation did not scrub the image of metadata. The file name was changed and the name was deleted, but the metadata inside the photo was not scrubbed. As a result, when people searched on the woman’s name, in the images of the breast augmentation popped up.

“It was totally unintended, but that ended up to be a pretty expensive lesson for that doctor,” Mr. Thiersch says.

NEXT: Legal Pitfalls


Legal Pitfalls

A potential legal pitfall occurs when cosmetic surgeons hold public or patient events at their practices. Often, doctors will do injections or give presentations. Staff might serve alcohol. And many practices offer specials for those who attend.

“[The staff] will be either live streaming or posting photos to Instagram or Snapchat of the event. And if the office takes photos and posts them and doesn’t have the consent of everybody in that photo, then we’ve seen instances where a photo inadvertently captures somebody in the background, who might be getting an injection, for example. Even if it’s blurry, as long as you can identify that person in the background, that’s a violation of that person’s privacy,” Mr. Thiersch says.

It’s important to educate staff about privacy issues because they might think they’re doing something nice, when, in reality, they’re violating patient privacy. This is especially true at aesthetic practices because the competition for patients is fierce. Marketing often helps to set practices apart from the competition.

“Consultants and marketing services are encouraging practices to take a traditional business approach to this, which means branding your entire practice — having your entire staff engage in this effort to bring patients in and to keep patients in,” Mr. Thiersch says.

Front desk staff or marketing professionals might join in a practice’s marketing efforts, who are not accustomed to medical advertising rules. If they start Tweeting with patients or communicating with patients online, that’s where the trouble starts.

“We had a matter where a front desk person, trying to be helpful, sent out a social media post saying, ‘Hey, it was great to see you today. Look forward to seeing you next month.’ Didn’t say anything other than that, but it turned out to be a breach of that patient’s privacy because [the front desk person] essentially acknowledged that patient was treated at the facility,” Mr. Thiersch says.  

The prevention tip, there, according to Thiersch, is to be very careful about what you and your staff post, and train your staff, as well as vendors who work with the practice, in terms of marketing privacy issues in the specialty.

“There are numerous companies that provide social media, SEO [search engine optimization] and website development. And a lot of these companies come from non-healthcare industries. So, you have to make sure they’re trained to take patient privacy very seriously. It just takes one person, good intended, to make a slip up that can cost the doctor a lot of money,” he says. 

NEXT: Privacy First


Privacy First

Violating patient privacy is the biggest consequence of these and other social media mishaps, according to Mr. Thiersch.

The violations can be federal, state or both. For example, if there’s insurance reimbursement involved or if the violation involved a patient from another state or country, it might result in fines or investigations under the Health Insurance Portability and Accountability Act, or HIPAA.

"I think the thing that most people don’t realize is that most states have state law patient privacy statutes that are oftentimes more restrictive and more expensive than federal law, which is HIPAA,” he says. “HIPAA only applies when there’s a federal issue involved. State laws apply no matter what.”

Most states have laws in place that make it possible for patients to sue their providers if their privacy is breached. That’s not good on a lot of levels, according to Mr. Thiersch. It’s bad for the practice’s image and staff morale, and there are associated fines and costs with mitigating a breach.

“If you take a selfie in front of an office and manage to capture the computer in the background that has the patient schedule (which has happened), you’ve now got to mitigate the damages. That means sending out notices and maybe self-reporting to either the federal or state government. That costs money,” Mr. Thiersch says.

He cites one case in which a staff member at a practice went home with an office laptop. She put it on top of her car and inadvertently drove away. Someone found the laptop, which was not secure. The doctor ended up spending about $40,000 to mitigate the problem, send out notices and resolve the potential for privacy issues.

In this world of online marketing, aesthetic practices need to think of privacy first.

“Patients want to know that you’re guarding their privacy, zealously,” Mr. Thiersch says. 

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.