Outdated Web Policies Expose Hospitals to Professional and Legal Trouble

HIPAA is another concern hospitals should address in their online policies and in any e-professionalism training.

Residents, faculty, or program managers who blog need to be sure they do not engage in unauthorized disclosure of protected health information in their posts, says Reece Hirsch, Esq., of Sonnenschein Nath & Rosenthal, LLP, in San Francisco. Doing so is a HIPAA violation.

The danger for hospitals is when healthcare workers think they're doing enough to generalize the patient's information in their online post, but they're really not, Hirsch says. Patient data must be de-identified before it can be posted online. The JAMA study reports that 13% of medical schools found violations of patient information on medical students' online pages.

Reviewing HIPAA in the context of blogs, Twitter, Facebook, and MySpace is a must to protecting yourself from legal liabilities.

Also keep in mind that Web 2.0 fads will fade as soon as Web 3.0 is invented. Try to keep up with what's hot—you don't want your presentation to be dated. This is easier said than done, says Spector. "Technology moves so fast, and we've always been behind in knowing what's coming and the potential misuses residents and medical students may find," she says.