I’m attending the mHIMSS Virtual Briefing: Securing Protected Health Information held today from 12PM ET-3:15PM ET online at HIMSSVirtual.org. The event features several sessions on the best practices for mobile device use, BYOD (Bring Your Own Device) policy and practice; secure use of social media; and secure provider-patient communication.
The virtual event focuses on the challenge of maintaining mobile security while taking advantage of new technology to more efficiently and cost-effectively track patient health, convert to EHRs, share patient information and more.
Online Tech is an official Platinum Corporate Member of HIMSS, and we’ll be exhibiting our HIPAA hosting solutions at HIMSS ‘13 in New Orleans from March 3-7. Check us out at Booth #1369!
Secure Use of Social Media: Ensuring the Privacy of Protected Health 12:45 PM-1:00 PM ET
Speaker: Lisa A. Gallagher, BSEE, CISM, CPHIMS
Senior Director, Privacy and Security, HIMSS
Description: Hospitals have recognized the benefits of social media and are increasingly using it within their organizations for a variety of purposes – from professional collaboration and patient engagement to marketing and workforce recruitment. However, social media presents several challenges within the organization; among these are the security and privacy risks associated with its use related to personal health information. In this session, these risks will be defined and effective, practical strategies to address them will be discussed.
Learning Objectives:
Understand the importance of managing the privacy and security dimensions of social media.
Identify the major risks for information breaches in social media.
Using best practices, design and adopt policies to address those risks and minimize exposure while taking full advantage of social media in communicating with patients.
Social media offers an engaging way to interact with a population. Which social networks are U.S. hospitals using? See below:
What is healthcare using social media for?
Managing conversation/interaction
Marketing/brand management
Manage Google rankings, web hits – a more technical way to measure how your brand comes up in a Google search
Engage e-patients – patients are increasingly more tech-savvy and already on social networks.
Promote wellness – having awareness programs and using social media to promote them.
Care management/care coordination – specific healthcare-related social media platforms allow clinicians to share information securely and even collaborate securely with patients
Professional collaboration
Consumer, patient, professional education – easy to deliver educational content.
Clinical trial recruitment
Workforce recruitment
Challenges
Liability
Ethical – employees may conduct themselves in a way not aligned with the company’s policies; personal use may be unrestricted
Security – hackers pose an increasing number of security risks; online scams, password guessing, viruses and infected applications are examples. With data leakage, an employee can disclose patient-identifiable information that shouldn’t be on social media channels.
Ability to be responsive/bandwidth – patient interaction and response time are important within a dynamic environment.
Control/monitoring employee behavior
Invites negative comments/feedback – whenever an open forum is involved, you are inviting negative comments, and it should be expected. A plan should be in place to deal with negativity to protect the brand.
Dominance of the loud and opinionated – certain users can be negative or dominate the conversation, so there should be ways to monitor, deal with and remove content.
Ownership of data – this issue is quite complicated. There is no hard and fast rule about who owns the data. Within the legal community, the consensus is that it is difficult to apply copyright and trademark policies to online data (sidenote: DMCAs may be helpful).
Policy: Professionalism in the Use of Social Media (Example from the AMA, American Medical Association)
Especially relevant to the professional individual:
Be cognizant of standards of patient privacy and confidentiality
Use privacy settings to safeguard personal information and content to the extent possible
Monitor their own Internet presence to ensure that the personal and professional information on their own sites and, to the extent possible, content posted about them by others, is accurate and appropriate
Maintain appropriate boundaries of the patient-physician relationship in accordance with professional ethical guidelines
Consider separating personal and professional content online
If you see content posted by colleagues that appears unprofessional, bring it to their attention so that it can be removed. If it significantly violates professional norms and is not removed, report the matter to the appropriate authorities
Recognize that actions online and content posted may negatively affect their reputations among patients and colleagues, may have consequences for their medical careers (particularly for physicians-in-training and medical students), and can undermine public trust in the medical profession
Do’s & Don’ts
DO: “Engage and Educate”
Have policies and procedures for your organization
Train your staff, monitor employee behavior
Know where social media is being used – Depts. and people. Do an inventory of current social media and what topics are being discussed.
Use social media to share information that promotes quality health care and up-to-date medical information
Recognize that you represent your profession and/or organization
DON’T: “Diagnose or Treat”
Discuss individual patients’ illnesses, medical conditions, or personal information online – can be a liability
Share confidential information about patients or the organization
Give clinical advice or diagnosis
Let questions, inquiries or posts go unanswered – this can be very frustrating to users.
Let just anyone speak for your organization – designate certain users that can represent your organization.
Elements of a Social Media Policy – Employees
Allowable Activities
Creating/registering accounts – professional, personal
Creating/registering organizational social media activities
Appropriate behavior, other parameters
Non-allowable Activities
Organizational Confidential Information
Patient information
Legal Information
Materials that belong to someone else
Consequences for Violations
Social Media Considerations
Is your organization using social media?
For what purpose?
Are all uses sanctioned?
Does your organization have a formal policy?
What challenges is your organization having?
Does your organization monitor employees’ social media activities?