Educating Staff About Social Media Risks

As Use Grows, Training Becomes More Important
Educating Staff About Social Media Risks
Healthcare organizations need to broaden their efforts to educate staff about privacy and security issues to include warnings about inappropriate uses of social media, a Harvard University professor advises.

Physicians, nurses and all staff need to be made aware that social media "are the most vulnerable media," says Jonathan Teich, M.D., assistant professor of medicine at Harvard and chief medical informatics officer at Elsevier Health Sciences.

"In every hospital, in every elevator, there's always a sign that says 'remember you shouldn't be discussing patient information in an elevator.' But that elevator conversation, once it has been made, is done. Once you post something on social media, it's there forever."

Healthcare organizations should provide their staffs with examples of what can go wrong when using social media, pointing to potential violations of federal privacy regulations, Teich stresses. For example, a California hospital recently fired five employees because they used social media to post personal discussions about hospital patients in violation of HIPAA.

Use Will Grow

Teich predicts that insurance companies, patient associations, community associations and others will join hospitals and clinics in using social media as a new way to communicate about healthcare issues. These organizations all will "vie for the patient's 'text-top' as they once vied for their desktop," he says.

He predicts widespread use of social media for such purposes as notifying patients about newly available services or updating them about health maintenance steps they should take.

Because of this inevitable growth in social media applications, it's essential to create sound policies setting boundaries for use of the media, Teich adds. "People don't understand the privacy issues involved or just how widely their information will get distributed," he says. "Hospitals and other healthcare organizations have to provide a list of 'do's' and 'don'ts' about social media."

A social media policy, for example, should make it crystal clear that information about an identifiable patient should never be discussed on social media, he notes. But beyond that, a nurse, for example, shouldn't make general statements on social media about the patients on her unit, he adds.

"There can't be anything that describes what's going on with a patient or one's emotional reaction to that patient," he stresses. "It's a matter of understanding that very little on social media stays private."

Education is Key

Staff education about social media policies should be treated as a high priority, much like education about sexual harassment, discrimination or "any other behavior with zero tolerance," Teich says. And staff members must know that if they violate the policy "you're going to be in big trouble," he adds.

Adventist Health System recently created a detailed social media policy for its 37 hospitals supported by an educational effort.

"My strong advice to any organization today is to evaluate social media and communicate to your employees what your expectations are from a professional perspective," says Sharon Finney, Adventist's corporate data security officer. "Be very clear with them that this is not an intent to dictate their private or personal use of this type of media," she adds. Instead, she advises hospitals to stress that their policies regulate the use of social media "from a business perspective as a representative of the organization."

"It is much better to be proactive and communicate and educate than it is to be reactive and discipline and sanction on the back end," Finney adds.

Training on the use of social media should include frequent reminders about refraining from misuse, says Brett Wahlin, an information security officer at McAfee, a security company.

"Just as the Internet changed our lives, the use of social media will officially change businesses at work," Wahlin says. "Being prepared to embrace this change is the only choice left for the organization."

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.