The Security Scrutinizer with Howard Anderson

A Social Media Wake-Up Call

A Social Media Wake-Up Call

A California hospital this week announced plans to fire five employees and discipline another because they used social media to post personal discussions concerning patients. And you don't want your organization to be the next one in the headlines.

The time has come to:

You don't want your organization to be the next one in the headlines. 

  • Create a policy prohibiting the posting of any patient information on social media, and then educate your staff about the policy;
  • Make it clear anyone violating the policy will be fired;
  • Point out that under the HITECH Act, violations of the HIPAA privacy and security rules carry stiffer penalties and apply to both individuals as well as the organizations where they work.

Details on the California case remain sketchy, but local media reports said it involved the use of Facebook. Executives at Tri-City Medical Center in Oceanside said they have "not yet identified any evidence that patient names, photographs, or similar identifying information was posted by these employees. But our investigation yielded sufficient information to warrant disciplinary action."

A growing number of healthcare organizations are developing specific security policies for the use of social media. For example, Adventist Health System recently spent six months crafting a detailed policy, says Sharon Finney, corporate data security officer.

Finney says reaching a consensus on the policy was a tough chore, but well worth the effort. That's because Adventist can't afford to risk HIPAA violations as its marketing and education departments make greater use of social media.

"My job is to make sure private information doesn't reach social media," Finney says.

Every healthcare security officer needs to come to the same conclusion. Quickly.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.