Introduction

Social networking has become part of the mainstay of modern society—and it is not just “the young and the restless,” but a majority of all age brackets who use the Internet use social media. A 2014 survey shows that 72 % of all Internet users are active on social media, with 71 % of users accessing it from mobile devices [1]. We have reached a tipping point where popular social networking platforms like Facebook, Twitter, LinkedIn, and the like have become the primary way commerce is conducted. In a healthcare professional environment, then, it is natural to wonder how social networking plays into various aspects of professional life, given that strict privacy and security concerns codified within HIPAA [2] are part of the considerations when it comes to sharing protected health information (PHI).

In this review, we will focus on the role of social communication between healthcare professionals and the role of traditional social networking approaches and also look at some new emerging technologies to address the gaps. We will not focus on the use of in-house tools (moving from paper to electronic health records) nor about connecting electronic health records (EHRs) together via health information exchange [3] hubs or via one-to-one messaging using Direct [4]. We will also not delve into the world of telemedicine, which can be thought of as an extension of EHR connectivity. What we will talk about is social networking and how it impacts clinicians.

The kinds of activities we will want to review can be considered as falling in to several buckets: (1) networking of professionals for broadcast activities such as continuing medical education (CME); (2) social networking for business promotion; (3) social networking for peer collaboration, including both simple communication and collaboration around patient care; and (4) engaging patients on social platforms, with the rise of consumer-originated health sites including data gathered by devices, as well as patient engagement platforms.

Networks for Broadcasting Information: CME

For healthcare professionals, maintenance of ongoing CME is a fact of life. It is necessary for licensure and renewal, for hospital privileges, and for membership in specialty societies.

Using the Internet for CME has become increasingly popular. In 2008, only 9 % of CME was delivered via the Internet [5], but by 2010, this had risen to 40 % [6]. The speculation is that more than half of CME will be from online sources by 2016, with 84 % of physicians stating that they would prefer attending CME events online.

Online CME resources are abundant. Many such activities are offered by specialty societies, where a physician needs to go, log in, and fetch the activity. This can be referred to as “pull” behavior. Other resources that offer online CME promote themselves by mass mailings to physician email addresses, with links to their offering—OpenCME.org and myCME.com are examples of this approach.

However, this kind of mass dissemination is not quite the same thing as a social network. A social network is built up of connections [7]—connections to the network, because of some specific affinity, and then the invitation of friends and colleagues into one’s network in order to share things of common interest. A network may contain specific interest groups that one can voluntarily join, which can be a source of information dissemination. The introduction and dissemination of ideas is thus distributed through channels of personal or professional contacts.

Some professionally oriented networks that are patterned after consumer social networks—such as Doximity.com and Sermo.com—have used their network as a broadcast platform to push CME offerings out to their membership.

This sort of use of social networking can be thought of as “broadcast-based” networking. The participants are fairly anonymous and disconnected from the source but are connected to those sources via networked links. Those networked links, however, may be very casual and may not have much to do with the day-to-day professional life of taking care of patients, and therefore, their value to the participants is really only as useful as the broadcast content flowing out.

Social Networking for Business Promotion

General social networks have a very wide reach. As a result, many businesses use them to promote their services to current or potential customers. A business’ online presence is often the most effective and important way of staying in business. Healthcare practices are no different.

Larger institutions generally have the resources to dedicate personnel to create and manage their online image—hospitals, academic medical centers, and large group practices often pay close attention to their online presence. In fact, new businesses have arisen that offer consumer satisfaction feedback to such hospitals and institutions, giving them dashboards whereby they can monitor social network sentiment about themselves—myPatientPulse.com is an example of such a business. Smaller physician practices often lag behind in online image building but still function in the same environment.

One can consider several elements of business promotion, each of which can have social networking features: (1) one’s practice website, (2) one’s Facebook and Twitter activity, and (3) rating sites that are driven by customer satisfaction and experience. Let us look briefly at each of these.

Practice Website

The majority of physician practices have some form of a website. A survey in 2013 [8] showed that 69 % of physicians had websites, but most of those were mainly electronic brochures with simple biographic information about the clinician and the office. Only 33 % of those physicians had any clinical reference material as part of their site, and only 4 % made at least one blog post in the prior 12 months about healthcare trends and issues.

Clearly, practice websites are thought of as being little more than an electronic version of a “yellow pages” ad. Yet, patients (consumers) use the Internet as a primary assistant when choosing a doctor—77 % of patients used Internet search prior to scheduling an appointment [9]. And getting a website to be maximized for search engine optimization (SEO)—the likelihood that your website comes up high in a listing when patients are looking for services like yours—often relies on skillsets that are quite outside the domain of clinicians.

As a result of this need, a whole host of companies promote themselves as helping medical practices maximize their SEO through website design, blogging, and social media presence. Examples of such companies include MedNet Technologies [10], Medical Web Experts [11], Omni Medical Marketing [12], and Physia [13]. These companies have varying price points, with some being quite affordable for smaller practices.

Social Media Activity

Linked to good website usage, and paying attention to SEO, the use of relevant social media platforms is also important. Creating a Facebook page for the practice, and encouraging patients to “like” it, is a perfectly good use of social media that touches patients. A link to a practice Facebook page should be on the practice website. If the practice has someone who can take responsibility for maintaining a Twitter account, and again use it for non-PHI messaging (such as “we have flu shots now” or other similar content), then include a link to that on the website as well.

The key to effective use of social media for practice promotion is to update and actually use the media channel. That generally means assigning someone in the practice to take that on as part of their job—it could be the clinician or it could be someone else.

Physician Ranking Sites

Outside of healthcare, consumer review websites such as Yelp or Zagat are used routinely for choosing things like restaurants, car dealerships, and the like. Physician ranking sites are also now starting to emerge as a source of information to patients when choosing a physician. HealthGrades.com, RateMDs.com, and Vitals.com are examples of rating sites that one can see if one Googles a physician’s name. A recent survey published in the Journal of the American Medical Association (JAMA) [14•] shows an increasing awareness of the existence of physician ranking sites—65 % of the US population are aware of such sites. Nearly 20 % of patients say that ratings are very important; 40 % said they were somewhat important, and of those who used such sites, 35 % said they picked a doctor based on good ratings, while 27 % reported avoiding those with bad ratings [15].

However, that is not the main driver for patients. According to the JAMA survey, the biggest driver of physician selection are (1) accepting one’s health insurance (89 % very important), (2) convenient location (59 %), (3) physician years of experience (46 %), (4) part of a trusted group (44 %), (5) word of mouth from family and friends (38 %), (6) referral from another physician (34 %), and finally (7) physician rating on websites (19 %).

Social Networking for Peer Collaboration

Communication between peers and other care team members is an active and integral part of healthcare delivery. Often, the tools clinicians have at hand—the in-house EHR systems used in a given institution—simply do not do an adequate job of tracking quick notes needed for handoffs. Even in the age of EHRs, old-fashioned paper notes jotted down and used for care transitions (such as signing one’s patient’s out to the doctor on the next shift at a hospital) are common [16]. Not surprisingly, clinicians have increasingly used technologies easily at their disposal for communications—cell phone text messages (SMS) have often been used for transmitting PHI between clinicians. A survey among pediatric hospitalists in 2012 [17•] showed that 57 % of clinicians send work-related text messages, and 12 % of those surveyed text more than ten times per shift.

The problem with this? SMS messaging is not secure, not HIPAA-compliant. Another 2012 survey [18] showed that physicians are aware of this—64 % of respondents stated they were very concerned over HIPAA compliance of sending PHI over text messages. The penalties for PHI breach can be crushing—up to $50,000 for a single violation of the new HIPAA regulations concerning e-PHI as part of the omnibus final rule [19].

Communication

The solution, then, is a secure messaging platform that is as easy to use as text messaging (and as low cost—texting is basically free, once you have a phone). Secure messaging apps have now come into the market, offering solutions to the dilemma of the need for quick communication (which text messaging addresses) not practical within the messaging platform of the in-house EHRs and at the same time addressing the HIPAA requirements for security and privacy. Imprivata.com, DocHalo.com, TigerText.com, and Group.MD are examples of simple secure text messaging platforms in the market today.

HIPAA compliance for secure messaging involves two concepts: security and privacy. Security means that there is sufficient encryption of transmitted information that someone breaking in to the stream is unable read it. There are regulatory standards [20] that govern the minimum encryption levels needed for HIPAA compliance, and all the secure messaging products on the market achieve this.

The other issue is privacy—making sure that only the right people see the PHI. This involves ensuring that the endpoints of the messaging are validated. Most of the approaches to secure messaging have been as enterprise deployments, meaning that it is up to the Active Directory of the enterprise system to manage identity of its endpoints—something that can be done locally, with local knowledge of the participants.

Moving secure messaging outside of the enterprise, and allowing self-signup of individuals out in the community, requires more rigorous validation. Group.MD has pioneered this extension of secure messaging outside the boundaries of an enterprise. When this is done, then a social media layer is brought to secure messaging. Individuals connect with each other into networks, using invitations from known participants in ways characteristic of other social networks (only on a HIPAA-secured platform).

Collaboration

The next step in using social networks for peer collaboration involves tagging communications with patient data, which can build over time. However, the seemingly simple step of going from basic communication (text messaging over secure channels, with attachments but no building of a universal patient timeline) to identifying a patient and adding to that data—this is actually a very large and very difficult step [21•]. It requires three elements, beyond verifying the validity of the endpoints: (1) rigorous patient identification, so that all the collected data from all the different sources are tagged to the same, “right” record; (2) a scalable universal data model for health information that can capture data from all different EHRs, ambulatory and hospital-based, as well as all other sources of data including devices and consumer-originated data; and (3) sophisticated management of consent and permissions, so that data about a given patient (or subsets of that data) are only visible to the parties that have permission to see it. No small task, but one that FlowHealth.com (the successor to Group.MD) is building.

When patient data is built and tagged by collaboration tools, then the messaging takes on even more social networking characteristics. In addition to inviting contacts to connect onto the platform, management of connections to a patient is also built. One can envision the patient at the center of a hub, with care team members as spokes around that patient—individuals who have a therapeutic relationship with the patient (physicians, hospitals, home health, case managers, etc.). This structure allows for rational building of permissions, akin to one’s network of “friends” on Facebook, where PHI is visible to those with patient-centered permission. This is a new and emerging technology, but one with considerable promise.

Engaging Patients on Social Platforms

Patient engagement is centrally important to improving outcomes of healthcare delivery. To date, the main way of doing that has been through encouraging patients to sign up for and use patient-facing portals offered by EHRs. In fact, Stage 2 of Meaningful Use [22••] sets as a criterion that at least 5 % of a practice’s patients log in at least once and are able to view, download, and transmit their data on demand.

The problem with EHR-linked patient portals is the same as the problem with EHRs in the first place—the data is siloed in the institutions that create them. In a staff-model setting with a wide reach (e.g., Kaiser), the patient portal experience can be satisfying. However, it is still a silo, albeit a larger one. In a smaller, less aggregated practice setting of care delivery, each office may be using their own local EHR, and each one may have a different portal. The “too many portals” effect becomes a deterrent, and usage becomes very selective.

To date, EHR-linked portals (personal health records or PHRs), though potentially helpful in managing chronic illness when used actively by engaged patients, have a low rate of usage among the general public [23]—only 26 % of patients were active PHR users, and the overall impact of PHR availability on outcomes could not be demonstrated. The reason should be self-evident: PHR use implies an engaged, eager party who will want to reach out and use the portal. Pushing prompts out to patients for alerts, reminders, and gaps in care is not done well by EHR-based PHRs.

In an attempt to improve outcomes, text messaging of reminders and prompts to patient’s cell phones has been an increasingly popular option. A recent study published in 2014 [24•] of a program that used daily text messages to diabetic patients showed markedly better self-management and improved glycemic control.

However, HIPAA concerns arise here as well [25]. With clinician-to-clinician transmission of PHI, which involves patient permission (privacy) as well as security, the risks of PHI breach have been discussed above. Texting a patient, however, is an extension of the doctor-patient relationship—it is not clinicians communicating with clinicians about a patient; it is communication between the clinician and the patient. Consent is already given, since one of the parties is the patient him/herself. Privacy is not so much the issue, but security is.

Collaboration tools, as described above, which build patient-centered data from multiple sources, can be expanded to include patients. With the hub-and-spoke architecture of care team relationships around the patient at the center, these kinds of products can well include patients in the conversation. Again, this adds an element of social network behavior to secure collaboration around patient care and patient engagement. It is early in the development of this area of technology but is potentially very significant.

Patient-Originated Data

Most of the focus of patient engagement has been from healthcare professionals out to patients, with a focus on a way of maximizing “getting people to listen.” Simultaneous with these efforts, however, is a whole tidal wave of patient-originated data that has come from consumer sites. Some of the most successful consumer-based health websites have been around affinity programs focusing on a specific issue—weight management sites such as MyFitnessPal.com have experienced usage in the millions [26].

In addition to consumer-based websites, wearable devices are becoming increasingly popular. FitBit.com, for example, captures pedometer activities and shares them with a community of others on their platform. What makes these types of sites and devices popular is the ability for individuals to share their success socially with their network of friends—posting one’s activities on Facebook, for example, with RunTracker.com results in more powerful social feedback than simply keeping one’s successes to oneself.

A challenge for these consumer-based sites, even though they can be shared socially with friends, is that the data collected is still siloed. There is some effort now to pull together multiple consumer data feeds into a consolidated dashboard [27]. However, this consumer-originated data is not generally shared with HIPAA-protected personal health data created by health professionals—at least not as yet.

Some efforts have arisen to push data feeds from certain consumer devices, such as daily weights or blood sugar readings, or self-reported physical fitness successes, directly into EHRs [28]. However, some have argued that this overwhelms physicians and raises liability questions if a physician somehow fails to note something significant but buried in an avalanche of data—the “needle in the haystack” dilemma. Others have argued that this data belongs in a universal patient data layer, which EHRs pull from and push to, and patient-facing tools also interact with, and that shared data with good visualization can be managed with good permission management and analytics tools. This is still a vision for health data in the next few years and is not something we can point to today.

Conclusions

Healthcare data has moved dramatically in the past several years. We have seen the buildup of massive health IT systems within large institutions—such as academic medical centers, community hospitals, and large medical groups—with large-scale enterprise EHRs. We have also seen the rise of EHRs in the cloud, particularly popular with smaller practices. This has been a remarkable change.

We have also seen the rise of the use of quick messaging tools, some appropriate and some inappropriate for HIPAA privacy and security. Physicians use these tools to communicate with each other and with their affiliated care teams.

Clinical practices have also used websites and social media to promote their services, which is an increasingly central method of marketing and has by and large replaced the classic yellow pages ads. Many emerging businesses and consulting services have arisen to help physicians do this more effectively, as such ability is generally outside the scope of healthcare practitioners.

Numerous efforts have also been made to engage patients using texting, secure platforms, portals, and a variety of electronic methods. The success of such outreach methods is sometimes effective but not yet fully blossomed into mainstay practice.

Patient-originated data has enjoyed significant popularity on the consumer side, largely fed by the ability to share one’s personal data socially with friends. Intercalating this data into traditional healthcare data is a new frontier for health IT, and involves carefully managing privacy and permissions, and will likely need for there to be a universal patient data layer in order to become significant—something that breaks the provider-centric silos of current health data and at the same time allows patient-created data a way to be blended. Such technology is currently in its infancy but remains an exciting next phase for health IT.

The delivery of healthcare has traditionally been institution-centric and arguably top-down—so has traditional health IT. As the locus of most healthcare has moved to more ambulatory settings, the delivery of healthcare has become more social. Connected networks around patients, which link providers and consumers to each other around shared patients, is a more contemporary description of the emerging models of care delivery. Parallel with that, the tools which support such a shift—the modern and emerging health IT products coming into play right now—also are more social in nature. The idea of “professional social networking” is really a metaphor for the networked way in which care is evolving. It is also a metaphor for the nature of contemporary health IT.