Containing the Patient Privacy Breach
Qualify for a free subscription to HealthLeaders magazine.
Social media creates new challenges for patient privacy.
Patient confidentially used to be a simple concept, simply enforced. Healthcare workers, for the most part, knew not to poke their nose in the records room or gossip about patients' medical issues. Privacy breaches, when they occurred, could be contained.
Along came electronic medical records, Internet social sites like Twitter and Facebook, and hackers. These newfangled online outlets provide—literally and in an instant—global access to patients' medical records, which makes breaches a lot more serious and enforcement a lot tougher.
"Patient information is like radioactive material," says Arthur R. Derse, MD, director of the Center for Bioethics and Medical Humanities at the Medical College of Wisconsin in Milwaukee. "It must be protected. It must be contained. It cannot be taken out of the building, sent out of the building, or looked at inappropriately if the employee is not permitted to access it.
"The problem is students and employees and younger folks coming into work think of Facebook and Twitter as something you do. Just as you shouldn't be saying anything about patients on the telephone, you shouldn't be Twittering or Facebooking about work," Derse says.
Fortunately, the concept of patient confidentiality has remained as simple now as it was in the time of Hippocrates. Rather than devising detailed, multilayered responses to every new social networking outlet that pops up every few months, effective patient confidentiality guidelines should identify the new threats but focus on instilling that simple and ancient principle with trustworthy employees.
Pamela Paulk, vice president of human resources at Johns Hopkins Hospital and Johns Hopkins Health System, says the Baltimore-based health system's confidentiality guidelines are based upon trust. "We really do believe that our employees are going to do the right thing," Paulk says. "Our guidelines say that everybody has gone through HIPAA training and signed their confidentiality agreements. We say that extends to social media, anything that would apply at work applies on social media. That is basically the guidelines."
- Two-Midnight Rule Must be Fixed or Replaced, Say Providers
- Don't Underestimate Emotional Intelligence
- The Secret to Physician Engagement? It's Not Better Pay
- Care Coordination Tough to Define, Measure
- Yale New Haven Health Partners with Tenet Healthcare in CT
- Physicians Take SGR Repeal Message to Washington
- Size Matters in Antibiotic Overuse
- CDC Warns of Antibiotic Overuse in Hospitals
- SCOTUS Review of NC Board Case 'A Very Big Deal' to Providers
- 4 Reasons PCMH Principles Aren't Going Away