American Association of Oral and Maxillofacial Surgeons

Practice Management & Allied Staff News & Materials

Practice Management Matters - Mar/Apr 2010

April 1st, 2010

Can you provide any guidance for using social media sites at the office?

It is becoming more common for doctors to utilize social media sites, such as Facebook, Twitter, blogs and YouTube, to communicate with patients, recruit staff and market their practices. But using social media may create compliance risks in areas such as HIPAA and/or state law, identity theft (Red Flag rules), medical malpractice and possibly cybercrime. The following are steps you can take to minimize your risks:

  1. Create a social networking team. Include appropriate staff to minimize compliance risk - even if you are a solo practitioner. The compliance officer will be the key team member. Educate staff who will network on how to avoid legal and other risks. Set the passwords so you control who has access. A larger practice may create a work team that includes patient care, compliance and information technology staff.

  2. Establish who can use social networking. Allowing everyone to use your practice's social networking accounts raises your compliance risks. Your patients won't thank you when they get Tweets from every member of your practice. Determine who can use social networking and document that those staff members have received the appropriate training.

  3. Determine what staff can write about. HIPAA and applicable state laws will be your main guides. Remind staff that they represent the practice when using your social networking platforms. Establish a response policy for platforms that allow reader input, such as blogs.

  4. Appoint an editor. This is another job for the compliance officer, who should have the final say on what goes out, including the ability to edit or delete posts. Don't forget to change passwords when a staff member leaves.

  5. Separate your social media communication from your other health information technology. Social media creates a heightened risk for cybercrime. Keep your networking posts separate from patient electronic health records and financial information.

  6. Monitor the comments about your practice. This is a great way to see not only compliments, but also complaints, which could lead to open dialogue, resolutions or improved customer care.

This question and answer was adapted and copied with permission from Decision Health. Copyright 2009, Medical Practice Compliance, September 21, 2009.

How would you construct a letter to inform patients about stolen protected health information (PHI)?

Most states have enacted identity theft protection laws, and their provisions specify the information that providers must include in this type of letter. The breach notification provisions of the American Recovery and Reinvestment Act of 2009, Title XIII, Subpart D, also specify the information that covered entities must include in a letter when a patient's PHI is stolen. Knowing which state agency enforces breach notification laws in the state in which an organization operates is sound business practice. Most states can provide a sample letter for use in notifying patients of such thefts.

Generally, organizations must disclose:

  • What information was stolen or breached;

  • When the breach occurred or during what period of time;

  • The likely cause of the breach;

  • Information that patients can use to protect their identities from being stolen (e.g., credit bureau contact information, advice about contacting law enforcement officials or the Federal Trade Commission, and information about requesting a credit freeze);

  • A contact within the organization and that individual's phone number in case patients have questions not answered by the letter; and

  • Steps taken to mitigate damages.

This question and answer was reprinted with permission from HCPro. Copyright 2009, HIPAA Weekly Advisor, October 12, 2009.

Can I terminate a doctor-patient relationship because the patient's mother is unreasonably demanding?

Generally, you can dismiss patients for almost any reason, barring other rules from your payers, professional code(s) of conduct, or state law. However, you will need to word the communication carefully since you need to provide an explanation for the dismissal to avoid being charged with abandonment.

Abandonment has been defined as the unilateral severance by an oral and maxillofacial surgeon (OMS) of the professional relationship between the OMS and patient without reasonable notice to the patient and at a time when there is still the need for continuing treatment. A relationship has been established when a patient reasonably believes that an OMS will provide care. This could be through a telephone call where an OMS agrees to see and treat the patient or when the patient comes into the examining room.

Abandonment needs to be distinguished from an OMS' withdrawal from treatment. An OMS who wishes to withdraw from a case must give reasonable notice of the withdrawal to the patient so that a patient requiring further treatment can obtain such treatment without suffering adverse medical consequences. What constitutes reasonable notice depends on the facts and circumstances of the particular case. It is generally recommended that an OMS provide a minimum of thirty (30) days' notice. Factors to be taken into consideration include the condition of the patient, the size of the community and the availability of other OMSs in the community. Greater caution may be required where the patient is seriously ill or has a medical condition making it extremely difficult for the patient to seek treatment elsewhere.

In the written notice, the OMS should inform the patient that he or she intends to end the relationship, specify the type of continued care the patient may require, provide names of alternate OMSs who can provide necessary care and advise that the OMS will provide emergency treatment for the condition for which the patient sought treatment during the notice period. You may obtain sample letters from AAOMS (contact Beth Hayson at 800-822-6637 ext. 4357) and/or your malpractice provider. The OMS should also advise the patient regarding the procedures for transferring the patient's medical records with the patient's written authorization. The notice should be sent to the patient using certified mail with return receipt. While this is not required, certified mail enables you to have appropriate evidence of the notice. If the certified letter is returned for any reason by the postal service, keep it unopened in the patient's file and send another copy of the original letter to the patient by regular mail.

While OMSs have the right to treat patients of their choice, within the bounds of the law, it is important to remember that it is illegal and unethical for an OMS to refuse to treat or continue to treat a patient solely on the basis of disability (e.g. the individual has AIDS or is HIV seropositive), race, color, creed, ethnicity, gender or age. In addition, an OMS cannot refuse to treat a patient of record in need of emergent care simply because the patient owes them money.

This response summarizes issues surrounding patient abandonment, but by no means addresses the numerous situations that could arise in your office. You can obtain additional information regarding patient abandonment issues by contacting your malpractice provider.

This article is not intended as legal advice nor is it advice on the law of any state. If legal advice or other expert assistance is required, the services of a competent professional person should be sought.

Do you have any Practice Management questions that you would like addressed in Practice Management Matters? Please contact Beth Hayson at 800-822-6637 ext. 4357. For answers to some of the most frequently asked practice management questions, visit the Practice Management FAQ.