Should Doctors ‘Google’ Their Patients?

Beware of what you share. Employers now routinely utilize internet search engines or social network searches to obtain information about job applicants. A survey of 2,184 hiring managers and human resource professionals conducted by the online employment website CareerBuilder.com revealed that 39% use social networking sites to research job candidates. Of the group who used social networks to evaluate job applicants, 43% found content on a social networking site that caused them to not hire a candidate, whereas only 19% found information that that has caused them to hire a candidate.

The top reasons for rejecting a candidate based on information gleaned from social networking sites were provocative or inappropriate photos/information, including information about the job applicants' history of substance abuse. This should not come as a surprise to job applicants in the US. After all, it is not uncommon for employers to invade the privacy of job applicants by conducting extensive background searches, ranging from the applicant's employment history and credit rating to checking up on any history of lawsuits or run-ins with law enforcement agencies. Some employers also require drug testing of job applicants. The internet and social networking websites merely offer employers an additional array of tools to scrutinize their applicants. But how do we feel about digital sleuthing when it comes to relationship that is very different than the employer-applicant relationship – one which is characterized by profound trust, intimacy and respect, such as the relationship between healthcare providers and their patients?


The Hastings Center Report is a peer-reviewed academic bioethics journal which discusses the ethics of "Googling a Patient" in its most recent issue. It first describes a specific case of a twenty-six year old patient who sees a surgeon and requests a prophylactic mastectomy of both breasts. She says that she does not have breast cancer yet, but that her family is at very high risk for cancer. Her mother, sister, aunts, and a cousin have all had breast cancer; a teenage cousin had ovarian cancer at the age of nineteen; and that her brother was treated for esophageal cancer at the age of fifteen. She also says that she herself has suffered from a form of skin cancer (melanoma) at the age of twenty-five and that she wants to undergo the removal of her breasts without further workup because she wants to avoid developing breast cancer. She says that her prior mammogram had already shown abnormalities and she had been told by another surgeon that she needed the mastectomy.

Such prophylactic mastectomies, i.e. removal of both breasts, are indeed performed if young women are considered to be at very high risk for breast cancer based on their genetic profile and family history. The patient's family history – her mother, sister and aunts being diagnosed with breast cancer – are indicative of a very high risk, but other aspects of the history such as her brother developing esophageal cancer at the age of fifteen are rather unusual. The surgeon confers with the patient's primary care physician prior to performing the mastectomy and is puzzled by the fact that the primary care physician cannot confirm many of the claims made by the patient regarding her prior medical history or her family history. The physicians find no evidence of the patient ever having been diagnosed with a melanoma and they also cannot find documentation of the prior workup. The surgeon then asks a genetic counselor to meet with the patient and help resolve the discrepancies. During the evaluation process, the genetic counselor decides to ‘google' the patient.


The genetic counselor finds two Facebook pages that are linked to the patient. One page appears to be a personal profile of the patient, stating that in addition to battling stage four melanoma (a very advanced stage of skin cancer with very low survival rates), she has recently been diagnosed with breast cancer. She also provides a link to a website soliciting donations to attend a summit for young cancer patients. The other Facebook page shows multiple pictures of the patient with a bald head, suggesting that she is undergoing chemotherapy, which is obviously not true according to what the genetic counselor and the surgeon have observed. Once this information is forwarded to the surgeon, he decides to cancel the planned surgery. It is not clear why the patient was intent on having the mastectomy and what she would gain from it, but the obtained information from the Facebook pages and the previously noted discrepancies are reason enough for the surgeon to rebuff the patient's request for the surgery.

Two groups of biomedical ethics experts then weigh in on the case and the broader question of whether or not health care professionals should ‘google' patients. The first group of ethics experts feels that uninvited patient ‘googling' is generally a bad practice for three main reasons:

1. It allows healthcare professionals to withdraw from their patients and start relying on online data and information gleaned from social networking sites instead of interacting with the patient and addressing the key issues head-on.
2. The ‘googling' of patients erodes the trust between the healthcare professional and the patient. Patients might feel a sense of betrayal that the healthcare professional "spied" on them.
3. An internet search or review or social network pages linked to the patient represents an invasion of the privacy of the patient. The patient should have the right to decide what information to disclose and what not to disclose, but by surreptitiously obtaining this information, the healthcare provide circumvents the right to privacy of the patient.

A separate panel of reviewers arrives at a very different conclusion and specifically points to this case as an example where it was imperative to ‘google' the patient. As this panel points out, the genetic counselor used a legal method to search the internet and found information on public Facebook profiles after having found many red flags and inconsistencies in the patient's medical history. By finding the information on Facebook, the surgeon and the counselor were able to prevent a self-injurious, deceptive and possibly fraudulent scheme of the patient to go forward. This panel of experts goes as far as saying that it would have actually been irresponsible to not perform the Google search after all the red flags and inconsistencies were identified.
As with all ethical dilemmas, it is difficult to find the correct answer. The first panel brings up good points that the relationship between a healthcare professional and a patient is characterized by trust and respect of privacy, but I tend to agree with the second panel in the case of this patient. It illustrates that the ‘googling' was able to avert an unnecessary and irreversible surgery. This was not just an indiscriminate ‘googling' or searching of private information on Facebook pages. The action was prompted by very real concerns about contradictory information regarding the patient's medical history. On balance, the benefit of avoiding the unnecessary surgery probably outweighed the risk of harming the trust between the healthcare professional and the patient – one which was already undermined by the patient's deception.

This case is rather unusual because it is probably quite rare that a surgeon or a genetic counselor would find valuable information on a patient by merely searching Google or Facebook for information. The type of information that could be of value to most healthcare providers is not usually disclosed on public sites or social network pages. For example, a cardiologist may be interested in finding out why a patient's cholesterol levels are not decreasing despite being placed on optimal medications and being advised to cut down the dietary intake of cholesterol. The cardiologist may suspect that the patient is not really taking the medications or perhaps eating much more dietary cholesterol than the patient is willing to disclose during the doctor's visits. However, it is unlikely that the patient's Facebook page will chronicle whether or not the patient secretly eats cheese omelets on a daily basis or chooses not to take his cholesterol medications.

On the other hand, other healthcare professionals could find important diagnostic clues when reviewing the Facebook page of a patient. Psychiatrists or psychologists may be able to get a much better sense of a patient's mental health and functioning by reviewing the daily posts and interactions of a patient with friends and family members instead of just having to rely on the brief snapshot when they interview the patient during a 30 minute visit.

The study ""To Google or not to Google: Graduate students' use of the Internet to access personal information about clients." by the psychologists DeLillo and Gale surveyed 854 students enrolled in clinical, counseling, and school psychology doctoral programs in the United States and Canada, asking them how they felt about using Google or social networking websites to learn more about their clients/patients. Interestingly, two-thirds of the psychologists-in-training felt that it was never acceptable or usually not acceptable to use web search engines in order to find additional information about their clients. This feeling was even more pronounced when it came to social networking sites: 76.8% of the students thought that this was never acceptable or usually not acceptable.

However, despite these feelings, 97.8% of the students had searched for at least one client's information using search engines such as Google, whereas 94.4% had searched for at least one client's information using social networking websites. Importantly, 76.8% of the therapists who had conducted the searches for client information on social networking sites also reported that it was either always or usually unacceptable! This suggests a significant dissonance between the ethical perception of the therapists and their actions. Furthermore, more than 80% of the therapists who had conducted the searches said that their clients were aware of the internet and social networking searches they were conducting.

The case study with the patient requesting the mastectomy and the high prevalence of using the internet to perform searches on patients/clients by psychologists highlights the ethical dilemmas that are emerging in our culture of digital sharedom. The internet with its often very public display of individual information may be a powerful tool for certain healthcare professionals, but we also need to develop ethical guidelines for how healthcare professionals should use this tool. For medical procedures and tests, healthcare professionals have to obtain informed consent from their patients, discussing the risks and benefits of the procedure or test. Should healthcare professionals also obtain informed consent from patients before they pry into their social media networks? Or would that defeat the purpose because the patients might change the privacy settings or change the content of their posts, knowing that healthcare professionals might be reviewing them? Should healthcare professionals in specialties such as psychology and psychiatry ‘google' all their patients – just like they now ask questions about substance abuse to all patients – or only if there are certain red flags?

The survey of psychologists-in-training highlights the cognitive dissonance that healthcare professionals may experience: They may reject such searches on their clients or patients in the abstract, but they may still choose to perform the searches, probably because they think it will allow them to provide better care for their clients and patient. Instead of relying of idiosyncratic decisions made by professionals, we have to establish the ethical ground-rules for how healthcare professionals can use search engines or social networking sites when obtaining information about individuals. We may have become so accustomed to invasions of our privacy by government agencies and corporations that we sometimes forget that privacy is instrumental in maintaining our individuality. Especially in relationships that are founded on an extraordinary degree of trust, such as those between healthcare professionals and their patients or clients, we need to ensure that this trust is not eroded by the dark side of sharedom.

Acknowledgements: I would like to thank Ryan Hunt from CareerBuilder for clarifying the survey results. An earlier version of this article was first published on  the 3Quarksdaily blog.

References:

1. Rebecca Volpe, George Blackall, and Michael Green; and Danny George, Maria Baker, and Gordon Kauffman, "Googling a Patient" Hastings Center Report 43, no. 5 (2013): 14-15.
2. DiLillo, David; Gale, Emily B. "To Google or not to Google: Graduate students' use of the Internet to access personal information about clients."Training and Education in Professional Psychology, Vol 5(3), Aug 2011, 160-166. doi: 10.1037/a0024441

Volpe R, Blackall G, & Green M (2013). Case study. Googling a patient. Commentary. The Hastings Center report, 43 (5), 14-5 PMID: 24092585





  DiLillo, D., & Gale, E. (2011). To Google or not to Google: Graduate students' use of the Internet to access personal information about clients. Training and Education in Professional Psychology, 5 (3), 160-166 DOI: 10.1037/a0024441

Enduring Sharedom

"The most radical revolutionary will become a conservative the day after the revolution."

                                                                                                     —Hannah Arendt

The revelations by the whistleblower Edward Snowden that the NSA (National Security Agency) is engaged in mass surveillance of private online communications between individuals by obtaining data from "internet corporations" such as Google, Facebook and Microsoft as part of a covert program called PRISM have resulted in widespread outrage and shock. The outrage is understandable, because such forms of surveillance constitute a major invasion of our privacy. The shock, on the other hand, is somewhat puzzling. In the past years, the Obama administration has repeatedly demonstrated that it is willing to continue or even expand the surveillance policies of the Bush government. The PATRIOT Act was renewed in 2011 under Obama and government intrusion into our personal lives is justified under the mantle of "national security". We chuckle at the absurdity of obediently removing our shoes at airport security checkpoints and at the irony of having to place Hobbit-size toothpaste tubes into transparent bags for a government that seems to have little respect for transparency. Non-US-citizens who reside in or travel to the United States know that they can be detained by US authorities, but even US citizens who are critical of their government, such as the MacArthur Genius grantee Laura Poitras, are hassled by American authorities. Did anyone really believe that the Obama administration with its devastating track record of murdering hundreds of civilians - including many children – in drone attacks would have moral qualms about using the NSA to spy on individual citizens?


The Stasi analogy

One of the obvious analogies drawn in the aftermath of Snowden's assertions is the comparison between the NSA and the "Stasi", the abbreviated nickname for the "Ministerium für Staatssicherheit" (Department of State Security) in the former German Democratic Republic (GDR or DDR).  Articles referring to the "United Stasi of America" or the "Modern Day Stasi-State" make references to the massive surveillance apparatus of the East German Stasi, which monitored all forms of communications between citizens of East Germany, from wire-tapping apartments, offices, phones and secretly reading letters. The Stasi "perfected" the invasion of personal spaces – as exemplified in the Oscar-winning movie "The Lives of Others". It is tempting to think of today's NSA monitoring of emails, Facebook posts or other social media interactions as a high-tech version of the Stasi legacy. A movie director may already be working on a screenplay for a movie about Snowden and the NSA called "The Bytes of Others". However, there are some key differences between the surveillance conducted by the Stasi and the PRISM surveillance program of the NSA.  The Stasi was a state-run organization which was responsible for amassing the data and creating profiles of the monitored citizens. It did not just rely on regular Stasi employees, but heavily relied on so called IMs – "inoffizielle Mitarbeiter" or "informelle Mitarbeiter" - informal informants. These informal informants were East German citizens who met with designated Stasi officers, reporting on the opinions and actions of their friends, colleagues and relatives and at times aiding the Stasi in promoting state propaganda. In the case of the PRISM program, the amassing of data is conducted by private "internet corporations" such as Facebook, Google and Microsoft, who then share some of the data with the state. Furthermore, instead of having to rely on informal informants like the Stasi, "internet corporations" simply rely on the users themselves who readily divulge their demographic information, opinions and interests to the corporations.

Corporate erosion of our privacy

It seems strange that the outrage ensuing after the PRISM revelations is primarily directed at the US government and the NSA, but not at the corporations which are invading our privacy. Criticisms of the role that private corporations have played in the PRISM program primarily focus on the fact that these corporations divulged the information to the government, but seem to ignore the fact that corporations such as Facebook, Google and Microsoft continuously invade our privacy and use our data for their own marketing goals or share it with their clients. Centuries of persecution and oppression by governments - monarchs, dictators or democratically elected governments - have sensitized us to privacy invasion by governments, but we seem to have a rather laissez-faire attitude when it comes to corporate invasion of our privacy. In fact, we associate the expressions "corporate espionage" or "corporate surveillance" with corporations spying on each other but not necessarily with them spying on us. If we had found out the US Postal Service kept track of how many letters we send to certain recipients, perhaps even scanned our personal letters for certain keywords and then used this information for its own marketing purposes or sold it to interested parties, most of us would have considered this an egregious violation of our privacy. Yet we know that "internet corporations" such as Google and Facebook routinely practice this form of privacy invasion. In our neoliberal world of unfettered capitalism, the state is increasingly answering to corporate interests while ignoring the concerns of citizens. We have to ask ourselves whether such an eviscerated state is the only threat to our civil liberties, or whether we need be more sensitive to violations of our privacy and liberties by private corporations.

Long before the leak of the PRISM documents, critics such as Evgeny Morozov in "The Net Delusion", Rebecca MacKinnon in "Consent of the Networked" or Robert McChesney in "Digital Disconnect" warned us about the invasion of  rivacy by "internet corporations" which are collecting information about us. We do not have to pay to use Google and Facebook, but the reason why these for-profit corporations offer us "free" services is because they use and market the information we unwittingly provide them. This type of information-gathering is probably legal, because when we sign up for accounts, most of us agree to their terms and conditions. Even if new laws or regulations are enacted after the PRISM scandal to limit surveillance, it is likely they will only pertain to how government agencies manage information on individuals or how corporations convey such information to government agencies, but it is unlikely that new laws will limit the information gathering for corporate benefits.

Why is it that we tend to be so lenient towards "internet corporations"? One reason may be the mythopoesis surrounding the "internet". Instead of viewing Silicon Valley executives of "internet corporations" as capitalists who sell our privacy for profit, we envision them as benevolent, entrepreneurial hipsters who eat organic quinoa salads and donate some portion of their profits to philanthropic causes. Some of us may buy into the myth of the egalitarian nature of the "internet". The "internet" is not egalitarian, especially not when it comes to the sharing and marketing of information by corporations. For example, there is a fundamental asymmetry when Facebook collects data on its users but does not feel compelled to reveal exactly how it uses the information. Jeff Jarvis, a vocal supporter of "internet corporations" has already expressed concern that users may start questioning their blind trust in the "internet" as a consequence of the PRISM revelations, skillfully avoiding  a discussion of corporate privacy invasion. This strategy of placing all the blame for privacy violations on the government may be the best strategy for corporations. Google's attempt to challenge the US government, asking for permission to disclose any data requests from the NSA, enables Google to portray itself as a knight in shining armor and evade the far more uncomfortable discussion of corporate uses and abuses of amassed data.

Culture of sharedom

Evgeny Morozov's recent book "To Save Everything Click Here" provides an excellent insight into the mythos of the "internet". The physical internet consists of computers, routers and servers that are connected to each other, whereas the mythical "internet" is a cultural icon to which god-like powers are ascribed. Morozov refers to this ideology as "internet-centrism". The ideology of "solutionism", a term borrowed from the world of architecture and urban planning, refers to:

…an unhealthy preoccupation with sexy, monumental, and narrow-minded solutions— the kind of stuff that wows audiences at TED Conferences— to problems that are extremely complex, fluid, and contentious.

"Solutionism" and "internet-centrism" can act in concert, creating a virtuous cycle in which the mythical "internet" is seen as a means to provide the ultimate solutions to the problems of humankind. This view of the "internet" and the afore-mentioned neoliberal awe of Silicon Valley entrepreneurs all may contribute to why privacy invasions by internet corporations are forgiven or ignored.
One additional cultural phenomenon that has allowed "internet corporations" to erode our privacy is that of sharedom, the incessant and growing desire to share our opinions and details of our personal lives with a broad audience. Just like "solutionism" or neoliberalism, sharedom is not a product of the "internet", but it has become a major fuel for the mythical "internet". Sharedom is just another word for nothing left to hide. Reality television, for example, is a manifestation of sharedom. The MTV reality TV show "The Real World" was first broadcast in 1992 when the "internet" was still in its embryonic stage. Millions of viewers could watch minute details of the lives of strangers living in a house together. One may view reality TV as a form of mass exhibitionism and mass voyeurism, but as Mark Greif has pointed out, one of the key aspects of reality TV was that it allowed viewers to "judge" the people they were observing. While reality TV only allowed a small group of people – selected from thousands of applicants – to "share" their lives with a broad audience, the "internet" gradually enabled everyone with an online connection to share their lives. We started living in transparent cages - Massive Open Online Cages (MOOCs) - and the "internet" permitted the audience to give instant feedback by passing online "judgments", such as leaving comments on social media posts or blog posts. This culture of sharedom was an unexpected bounty for "internet corporations", because it not only made us less cautious about our privacy but also supplied them with massive amounts of free personal data that could be marketed.

Privacy trade-offs

We often hear about the trade-off between privacy and security and the need for an optimal balance, which maximizes the privacy of the individual while maintaining the security of our society. This sounds like a reasonable argument, but it ignores the fact that this is not the only privacy trade-off. Corporations are interested in maximizing their profits and since individual data is a marketable commodity, their interest is to find a balance between maximal profit and maintaining some degree of privacy for users that makes them feel comfortable enough to share personal data that can be marketed. In addition to this trade-off between profits and privacy, the culture of sharedom also creates the trade-off between publicity and privacy. Jill Lepore has recently discussed the challenges of this trade-off in an essay in the New Yorker:

In the twentieth century, the golden age of public relations, publicity, meaning the attention of the press, came to be something that many private citizens sought out and even paid for. This has led, in our own time, to the paradox of an American culture obsessed, at once, with being seen and with being hidden, a world in which the only thing more cherished than privacy is publicity. In this world, we chronicle our lives on Facebook while demanding the latest and best form of privacy protection—ciphers of numbers and letters—so that no one can violate the selves we have so entirely contrived to expose.

Another form of trade-off is that of convenience versus privacy. Using a website such as Amazon to purchase products offers a lot of convenience: It remembers which products we have previously bought, it offers targeted recommendations for new or related products that may be of interest based on our profile, and it even remembers which products we recently browsed. The more we use Amazon, the more accurate their profile of our interests becomes, as evidenced by the accuracy of Amazon's recommendations for new purchases. All we have to offer Amazon in exchange for this convenience is a window into the privacy of our soul.
I remember coming across the expression "Faustian bargain" to describe how we exchange our privacy for the sake of convenience. When Goethe's Faust agreed to serve the devil Mephistopheles in the after-life, he was rewarded with youth and a beautiful lover. We may not approve of Faust's choice, but his deal at least merits some consideration. We currently sacrifice our privacy for the benefit of corporate profits and in exchange receive free shipping, targeted ads and coupons. No youth, no lovers. Our deal does not even rise to the level of a "Faustian bargain".

Silent Listeners

The recent study "Silent Listeners: The Evolution of Privacy and Disclosure on Facebook" conducted by researchers at Carnegie Mellon University monitored the public disclosure (information visible to all) and private disclosure (information visible to Facebook friends) of personal data by more than 5,000 Facebook users during the time period 2005-2011. The researchers identified two opposing trends. Over time, Facebook users divulged less and less personal information such as birthdates, favorite books or political information to the public. On the other hand, the researchers also noticed a trend of revealing more personal information to Facebook friends. Apparently, there was a growing awareness of how public disclosures can compromise privacy, but users were also emboldened to reveal more personal information when they deemed their audience to be trustworthy.  As the researchers correctly pointed out, these "private disclosures" are always available to Facebook itself, third-party apps and to advertisers, referred to as "silent listeners" by the researchers. This is a key point when it comes to privacy settings on social media websites. Users are able to control how much information is displayed to other individuals and future laws and regulations may protect users by curtailing disclosures to government agencies, but information disclosures to the company that provides the service itself and its corporate clients are often beyond our control.
The poll "Teens, Social Media and Privacy" conducted by the Pew Research Center confirmed this lack of concern about third-party access to personal data in a group of 632 teenagers. Overall, 60% of teenagers said that they were either not at all concerned or not too concerned about third-party access (such as advertisers or third-party apps) to their personal information. Only 9% were very concerned about it. Individual comments made by teenagers in a Pew focus group further underscore this cavalier attitude towards corporate access to personal data:

Male (age 16): "It's mostly just bands and musicians that I ‘like' [on Facebook], but also different companies that I ‘like', whether they're clothing or mostly skateboarding companies. I can see what they're up to, whether they're posting videos or new products... [because] a lot of times you don't hear about it as fast, because I don't feel the need to Google every company that I want to keep up with every day. So with the news feed, it's all right there, and you know exactly."
Male (age 13): "I usually just hit allow on everything [when I get a new app]. Because I feel like it would get more features. And a lot of people allow it, so it's not like they're going to single out my stuff. I don't really feel worried about it."

Value of privacy

The revelations about how the government is using surveillance data obtained by "internet corporations" should prompt a broad debate of how we value privacy, especially because it is difficult to affix a price-tag on this intangible non-commodity. This debate will hopefully lead to greater transparency in regards to how governments access and handle personal information. However, it is important to also raise awareness of the potential abuse of personal information by private corporations. If we truly value our privacy, we need to develop methods that restrict government and corporate access to our personal data. In the process we will have to unravel our myths surrounding internet-centrism, solutionism and sharedom.

Image Credits: Automated envelope sealer used by the Stasi to close opened letters after review of the letter contents (image by Appaloosa - Wikimedia Commons), a Stasi surveillance post (image by Lokilech - Wikimedia Commons)

Note: An earlier version of this article was first published on 3quarksdaily.com

  Fred Stutzman, Ralph Grossy, & Alessandro Acquistiz (2012). Silent Listeners: The Evolution of Privacy and Disclosure on Facebook Journal of Privacy and Confidentiality