The Security Scrutinizer with Howard Anderson

A Social Media Policy Checklist

Tips for Preventing Privacy Violations

An informal survey late last year by the American Health Information Management Association found that a little more than half of organizations had a formal social media policy in place, says Cecilia Backman, associate director of health information management at Parkland Health and Hospital System in Dallas. Backman, who collaborated on the survey project, was a speaker at this week's AHIMA Legal Electronic Health Record Summit.

Staff members at hospitals and clinics need to be aware that social media sites do not use encryption and are fundamentally unsecure, Backman stressed. Thus, they must make sure that information about patients is never posted on any social media site, such as Facebook and Twitter.

Privacy Precautions

Steps that organizations can take to minimize the risks involved in using social media, Backman said, include:
  • Conduct a social media risk analysis that addresses operational and well as technical issues;
  • Develop a formal social media policy that addresses all identified risks and covers staff as well as volunteers, contractors and independent practitioners - anyone who might have access to patient information;
  • Spell out in the policy expectations for the ethical behavior of those who create content for social media sites on behalf of the organization or use social media in any way, both at work or on their personal time;
  • Specify sanctions for violations of the policy and provide extensive annual staff training;
  • Modify medical staff rules, employee privacy agreements as well as business associate agreements to address the use of social media; and
  • Monitor mentions of your organization on various social media sites to guard against potential health information breaches.
We certainly want to use social media, but we have to be able to ensure the privacy and security of patient information. 

When it comes to social media, "We need to tread lightly and carefully as we move ahead," Backman stressed. "We certainly want to use social media, but we have to be able to ensure the privacy and security of patient information."

Preliminary results of HealthcareInfoSecurity's inaugural Healthcare Information Security Today survey show that 55 percent of respondents say their organization has a formal social media security policy in place. Of those, 40 percent have taken disciplinary action for violations of the policy.

There's still time to participate in the survey to help us provide you with a detailed overview of the privacy and security policies of healthcare organizations. We'll be reporting on all the results in the weeks to come.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.