What's the evidence?
To be honest, I do not know if there has been an analysis of the content of blogs belonging to health professionals. So I do not know how much the concerns about blogging and confidentially are based in fact or general impressions.
Detecting the risk to security and confidentiality
With two colleagues of mine, Liam Caffrey and Anthony Smith, I looked at the content of emails sent between health professionals who are involved my PhD e-mentoring research. I was concerned that the emails should be kept in a secure, closed email system so that confidentiality could be maintained. But Liam questioned the need to do this - he asked if the health professionals did actually write about things that could cause confidentiality problems?
Developing a risk assessment tool
Liam and I developed an assessment tool by which we were able to anylise the risk to security and confidentiality ranging from 1 — breach of patient confidentiality — indicating a high need for security and privacy of the email’s content, to a score of 8 which had no need for either security or privacy.
- Email contains patient identifiable content where the confidentiality of the patient is breached by identifying medical condition or treatment eg "Mr Smith has liver disease"
- Email contains patient identifiable information but does not disclose medical condition or treatment eg “Mr Smith is a nice man.”
- Email identifies staff member involved in a practice that places them or other staff member at professional risk eg “I accidentally gave a patient an overdose.”
- Email identifies staff member and divulges possible stigmatizing information about themselves or other staff member eg “I am on medication for depression.”
- Email identifies staff member and divulges information that could embarrass themselves or other staff member eg“My supervisor is hopeless.”
- Email identifies staff member and describes a clinical event or professional event eg“I have a patient who is having triplets.”
- Email identifies staff member and divulges personal information about themselves or other staff member eg“I am going for a job interview next week”
- None of the above
The analysis showed that there were no emails that had a score of 1 or 2 ie no emails disclosed patient information. We concluded that there was no need to be concerned about security or confidentiality in this context. But there was an email that scored 3 ie the author disclosed an action that could put her at professional risk so we agreed that there was still a need for caution about what one writes in emails and other electronic forums.
I must admit that this assessment tool is rather crude and it could probably be refined. But it would be interesting to carry out a similar exercise looking at the blogs of health professionals. This might give us a better idea about what health professional disclose online and whether there is a risk of breaching confidentiality. This in turn could help inform decisions made about the development of guidelines.
Journal of Telemedicine and Telecare,