Time to Check Dangers of Social Networking
Though many popular Web sites have strong privacy practices in place, there is still no better time to analyze where, when, how, and if your personal health information (PHI) is circulating through these types of Web sites.
The Ponemon Institute and TRUSTe released its 2009 Most Trusted Companies for Privacy Award recently and ranked eBay, Verizon, the US Postal Service, WebMD, and IBM as the top five. But health leaders must also beware of employees sending any PHI on the Internet.
The last thing you want is to get burned because someone in your organization without authorization sent PHI across Yahoo!, Facebook, or similar sites.
It's not common—though it's possible—for healthcare workers to use these sites to intentionally and maliciously violate patient privacy laws.
More often, healthcare workers sign on during breaks, or when they are off work, and vent about their day with friends without realizing that they share identifiable information and violate HIPAA.
Regardless of how you respond to these privacy and security vulnerabilities, education is crucial, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR and a HIPAA expert.
"A lot of people are panicking," Apgar says. "But one thing that's not well understood is the danger related to all this."
Transmission over an unsecure network is inevitable, particularly if the sender and the receiver don't share a secure network, says Apgar.
Combat this with these four education models:
- New employee training (orientation)
- Annual refresher training
- Security reminders (weekly helpful e-mails; information in hospital newsletters; and flash reminders on staff computer monitors)
- Communications policy—as with confidentiality agreements, require staff members to acknowledge in writing that they have read and understand it. Do this annually at staff performance reviews.
An article in the September issue of the Journal of the American Medical Association entitled "Online Posting of Unprofessional Content by Medical Students," revealed that 60% of 80 medical school deans reported incidents involving unprofessional postings on these types of Web sites.
Another 13% acknowledged incidents that violated patient privacy. Some of these violations resulted in expulsions from medical school, according to the article.
"These professionals are well educated, but that doesn't mean they are savvy with security," says Apgar.
- Senators Hear How Two-Midnight Rule Harms Patients, Hospitals
- 3 Management Lessons from a Supermarket Debacle
- Handshaking Spreads Germs. Get Over It.
- Healthcare Costs Start With What We Eat
- Hospitals Likely to Outsource ICD-10 at Launch
- IOM Identifies GME Problems, Calls for Finance Changes
- CMS Confirms ICD-10 Deadline
- Anatomy of 3 Health System Rebranding Efforts
- Premium Subsidy Fight Creating Uncertainty for Hospitals, Health Plans
- 2015 HIX Premium Hikes May Top 7%