When faced with incomplete patient data or the need to supplement existing information, healthcare providers might be tempted to use familiar tools like Google. Advice from the American Medical Association suggests, “Although AMA has no ethics policy that specifically addresses Googling patients, Patrick McCormick, chair of the AMA Council on Ethical and Judicial Affairs, said that physicians have a fundamental ethical responsibility to respect patient privacy.” While this approach does not directly violate HIPAA regulations, it is a practice wrapped in ethical complexities.
The act of a physician or healthcare provider using Google or another search engine to find information about a patient falls into a grey area under HIPAA. This is because the information obtained through such means is typically not part of the medical record and is often publicly available. As such, it is not considered PHI in the traditional sense, and HIPAA's stringent rules around the use and disclosure of PHI do not directly apply.
However, this does not mean that there are no ethical or professional implications. HIPAA sets a broader precedent for respecting patient privacy and confidentiality. While it might not explicitly forbid Googling a patient, such actions could be seen as at odds with the spirit of HIPAA.
Although patient research can take many forms in practice, we will analyze the ethical dilemma through a more widely recognized one. This practice is known as "Patient-Targeted Googling" (PTG), and it stems from the intersection of modern technology with traditional medical ethics. Let us take a look at the main points of contention:
The internet, as a vast repository of data, includes an array of sources varying in credibility and accuracy. When healthcare providers turn to this digital landscape to gather information about patients, they risk encountering misinformation, outdated facts, or contextually incomplete data. Unlike medical records or direct patient interactions, which are governed by strict standards of accuracy and relevance, the information on the internet is not specifically tailored or verified for medical purposes. This can lead to scenarios where a physician might base their clinical judgments or understanding of a patient's background on erroneous or misleading online content.
Ultimately, the decision to research patients using online sources rests with healthcare providers.
Sharing patient information is a violation when it is done without the patient's consent or for purposes not permitted under HIPAA, such as non-medical reasons.
Protected health information is any information about health status, provision of health care, or health care payment that can be linked to an individual.
The U.S. Department of Health and Human Services (HHS) governs the way PHI is shared by healthcare providers.