Time to Check Dangers of Social Networking

Dom Nicastro, for HealthLeaders Media, October 8, 2009

Though many popular Web sites have strong privacy practices in place, there is still no better time to analyze where, when, how, and if your personal health information (PHI) is circulating through these types of Web sites.

The Ponemon Institute and TRUSTe recently released their 2009 Most Trusted Companies for Privacy Award and ranked eBay, Verizon, the US Postal Service, WebMD, and IBM as the top five. But health leaders must also beware of employees sending any PHI on the Internet.

The last thing you want is to get burned because someone in your organization without authorization sent PHI across Yahoo!, Facebook, or similar sites.

It's not common—though it's possible—for healthcare workers to use these sites to intentionally and maliciously violate patient privacy laws.

More often, healthcare workers sign on during breaks, or when they are off work, and vent about their day with friends without realizing that they share identifiable information and violate HIPAA.

Regardless of how you respond to these privacy and security vulnerabilities, education is crucial, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, and a HIPAA expert.

"A lot of people are panicking," Apgar says. "But one thing that's not well understood is the danger related to all this."

Transmission over an unsecure network is inevitable, particularly if the sender and the receiver don't share a secure network, says Apgar.

Combat this with these four education models:

  • New employee training (orientation)

  • Annual refresher training

  • Security reminders (weekly helpful e-mails; information in hospital newsletters; and flash reminders on staff computer monitors)

  • Communications policy—as with confidentiality agreements, require staff members to acknowledge in writing that they have read and understand it. Do this annually at staff performance reviews.

An article in the September issue of the Journal of the American Medical Association entitled "Online Posting of Unprofessional Content by Medical Students," revealed that 60% of 80 medical school deans reported incidents involving unprofessional postings on these types of Web sites.

Another 13% acknowledged incidents that violated patient privacy. Some of these violations resulted in expulsions from medical school, according to the article.

"These professionals are well educated, but that doesn't mean they are savvy with security," says Apgar.
