The Security Scrutinizer with Howard Anderson

Social Media and 'Zero Tolerance'

Social Media and 'Zero Tolerance'

That's the spot-on advice from Jonathan Teich, M.D., assistant professor of medicine at Harvard University and chief medical informatics officer at Elsevier Health Sciences.

Creating a social media policy should be a top priority as more hospitals, clinics, insurers and others make wider use of the media for such purposes as marketing new services and as more staff members make personal use of Facebook, Twitter, LinkedIn, MySpace and other social networks.

Surely you're better off taking the time to educate your staff about the importance of keeping patient information off of social media than dealing with a HIPAA privacy rule violation. 

Surely you're better off taking the time to educate your staff about the importance of keeping patient information off of social media than dealing with a HIPAA privacy rule violation.

Here's how Sharon Finney, Adventist Health System's corporate data security officer, puts it: "It is much better to be proactive and communicate and educate than it is to be reactive and discipline and sanction on the back end."

Beyond banning discussions about specific patients on social media, a policy should warn against, for example, a nurse making general statements on social media about the patients on her unit, Teich says.

"There can't be anything that describes what's going on with a patient or one's emotional reaction to that patient," he stresses. "It's a matter of understanding that very little on social media stays private."

As mentioned in an earlier blog, it's important to make it clear that anyone exposing protected health information on social media will be fired. And be sure to point out that under the HITECH Act, violations of the HIPAA privacy and security rules carry stiffer penalties that apply to both individuals as well as the organizations where they work.

Adventist Health System recently created a detailed social media policy, with tough sanctions, for its 37 hospitals, supported by an educational effort. "My strong advice to any organization today is to evaluate social media and communicate to your employees what your expectations are from a professional perspective," Finney says.

Training on the use of social media should include frequent reminders about refraining from misuse, says Brett Wahlin, an information security officer at McAfee, a security company.

So stop procrastinating. Create a social media policy this year. Educate your staff on how to comply. Then remind them about prohibited practices. Otherwise, you risk violating your patients' privacy. And that's a risk that can prove costly.



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.