When Matt Goldstein entered medical school at Stanford, his instructors warned him about keeping Facebook or Twitter pages, saying that social media activity could lead to violations of HIPAA patient privacy rules. As he prepares to begin his residency, Goldstein has once again received the now familiar warning. "I actually just got an email from my residency program, and they cautioned us strongly about social media and about using it judiciously." Medical students and physicians face the choice of either not using social media or using pseudonyms that only friends know in order to avoid violating privacy rules and to steer clear of inappropriate contact with patients. "For me, something like Facebook, which started off as a really powerful social tool to interact with friends and colleagues, in some way became a concerning liability," Goldstein said. Goldstein said his classmates either use online pseudonyms on Facebook, Twitter or LinkedIn accounts, or they have shut down their accounts for fear of unwittingly violating privacy rules. Many have switched to private professional networking sites, which allow them to discuss medical cases in professional forums, seek out colleagues for remote consultations and read up on the latest treatments and outcomes. In a 2009 survey of deans at 130 U.S. medical schools published in the Journal of the American Medical Association, 60% of the respondents reported incidents of students posting unprofessional online content. Violations of patient confidentiality were reported by 13% of those surveyed. Unintentional privacy breaches It may appear obvious that medical students and physicians shouldn't post personal patient information on social networks, but it's not always that simple. For example, two years ago, Dr. Alexandra Thran, a 48-year-old emergency room physician, was fired from Westerly Hospital in Rhode Island and reprimanded for unprofessional conduct by the state medical board for posting information about a patient online. According to a board filing, Thran didn't post the patient's name, but there was enough information that other people could identify the individual. "Folks get into trouble when they think they're not violating patient confidentiality because they don't put the name or put the age down, but you can actually go back and find out information if you know where the doctor works, know the date it was posted," said Dr. Bradley Crotty, chief medical resident at Beth Israel Deaconess Medical Center in Boston and an instructor at Harvard Medical School. Physicians should approach posting on social networking sites in the same way they approach conversations in hospital elevators, Crotty said. It's simply forbidden to discuss cases in a public setting, whether physical or virtual. The potential for medical professionals to get involved in inappropriate activity on social networking sites goes beyond doctors sharing information with colleagues, Goldstein said. Often, such cases don't involve a physician posting information; instead, it could be a situation where a patient is trying to make contact with a doctor. "In some cases, that's nice; it seems to foster a connection between a patient and a physician. But I'm sure you can imagine that it can also be somewhat uncomfortable," Goldstein said. Physician dual-citizenship online Crotty has written about social networking, physician professionalism, and the need for physicians to develop "dual-citizenship" online to separate their public and private profiles. He said it's not uncommon for patients to search on social networking sites for their doctors in order to communicate with them. While he recommends that physicians set their privacy settings to "high" to avoid having patients contact them on public sites, he also said doctors should create separate professional and personal accounts. The professional profiles should contain only contact information and perhaps credentials, Crotty said. For physicians, however, social networking can be more valuable than learning the latest recipe for chocolate cake in a cup or seeing a friend's vacation photos. Social networking sites can be places where physicians get advice from colleagues or share ideas on treatments. Crotty said a doctor seeking a second opinion on a social networking site is the equivalent of a "curbside consult," an off-the-cuff act of one physician asking another for an opinion with no formal arrangement. It's a longstanding practice among physicians, but it isn't recommended. Another ethics conundrum that has come into being with the rise of social networking is whether physicians should peruse their patients' pages on social networking sites. For example, a doctor who gave a patient a prescription for medicine that could have an adverse affect when mixed with alcohol might decide to check out the patient's Facebook page to see if the individual is telling the truth about his drinking habits, Crotty said. "Is that a breach of privacy? Or is it fair game because it's public information?" he said. "There are so many questions that we don't know the answer to." In a recent article in the Society for Academic Emergency Medicine titled " How Facebook Saved Our Day!", a physician describes an incident where medical professionals had to weigh the need to respect a patient's privacy against the need to give her the treatment she needed. It started when a 34-year-old woman was brought into the emergency room displaying "bizarre behavior" and refusing to open her eyes for an examination. The only identification on the well-dressed woman was a business card. Using the information on the card, the physician looked up her Facebook page, and there he found the names of her husband and her primary care physician, both of whom were able to provide information about the patient's medical history, which included bouts of depression. "Not to say it's wrong, but it's something we really need to think about as a profession," Crotty said. "HIPAA is a bill that carries criminal and civil penalties for breaches in confidentiality. So it's something we need to be careful of when you think about how you live with the information you have as a doctor." Private physician social networks Like many hospitals, Beth Israel Deaconess has set up its own messaging site for patients and physicians, called PatientSite. Patients can include up to two pharmacies in their profiles and add as many of their physicians as they like. The site requires users to log in, and thus enables patients and physicians to communicate securely. Beyond hospital walls, a niche industry has emerged to address the desire by physicians to discuss patient cases with colleagues or request information on the latest treatments. Sermo and Doximity are two of the leading providers of online networking sites for physicians. Doximity's physician network on an iPhone. The sites verify physicians' credentials before allowing them to open accounts and begin sharing information with other doctors, either through postings or secure email. For example, one recent posting involved a physician who needed to learn how to remove a wire bristle that had become lodged in a patient's throat. The bristle, from a gas grill cleaning brush, had broken off and become lodged in a hamburger the patient had eaten. "He posted the case because he thought it was rare, but two other doctors had removed wire bristles from patients in the past two months. Now all three are going to write article about how to remove a wire bristle," said Jeff Tangney, CEO of Doximity. Launched a little more than a year ago, Doximity now has 9% of all U.S. physicians as members, according to Tangney. "We have three times as many physicians on our network as LinkedIn has," he said. Sites like Doximity allow specialists and hospitals to form social networking groups, and the information posted by members is only shared within a distinct universe of users. The company generates revenues through physician referrals, including referrals to law firms that pay for expert testimony in court cases and referrals to Wall Street firms seeking physicians' opinions on investments in companies involved in the healthcare industry. For example, a fund manager might be considering an investment in a company that just received FDA approval for a new medical device. A physician familiar with the product would be able to say whether or not the device is useful. Just as with any curbside consultation, however, the quality of the information physicians receive from colleagues on such sites can be questionable, and there are tricky liability issues to consider as well, said Crotty. "What if the treatment they suggested was wrong and you chose the wrong one?" he said. "The thing is, when you get a second opinion, the doctor you're getting the opinion from has no clinical context or clinical relationship with that patient. "I think these networks will be very good for general learning and general advice, but for real collaboration in clinical context, I wouldn't recommend them," Crotty said. Goldstein has been using Doximity since the site launched nine months ago. He said it has a number of tools that are useful for connecting with other medical professionals. The site's user interface is similar to that of LinkedIn; it has a basic user profile, but it's tailored for physicians, he said. Goldstein recently posted a question about a lab result that was confusing, and "in real time I got some interesting responses back," he said. The other physicians offered their own insights and provided references to online resources. Describing how the site helped expand his professional network, Goldstein said, "That's pretty cool to be able to sit in my physician work room here in Palo Alto and have responses coming in from people as far away as Boston and New York." Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian, or subscribe to Lucas's RSS feed. His email address is email@example.com. See more by Lucas Mearian on Computerworld.com. Read more about web 2.0 and web apps in Computerworld's Web 2.0 and Web Apps Topic Center.