TRENDING:

The Security Scrutinizer with Howard Anderson

A Social Media Policy Checklist

Tips for Preventing Privacy Violations Howard Anderson (ismg_editor) • August 18, 2011    

Because social media pose significant risks to patient privacy, healthcare organizations need to develop detailed social media policies. But unfortunately, many organizations have yet to take that action.

An informal survey late last year by the American Health Information Management Association found that a little more than half of organizations had a formal social media policy in place, says Cecilia Backman, associate director of health information management at Parkland Health and Hospital System in Dallas. Backman, who collaborated on the survey project, was a speaker at this week's AHIMA Legal Electronic Health Record Summit.

Staff members at hospitals and clinics need to be aware that social media sites do not use encryption and are fundamentally unsecure, Backman stressed. Thus, they must make sure that information about patients is never posted on any social media site, such as Facebook and Twitter.

Privacy Precautions

Steps that organizations can take to minimize the risks involved in using social media, Backman said, include:
  • Conduct a social media risk analysis that addresses operational and well as technical issues;
  • Develop a formal social media policy that addresses all identified risks and covers staff as well as volunteers, contractors and independent practitioners - anyone who might have access to patient information;
  • Spell out in the policy expectations for the ethical behavior of those who create content for social media sites on behalf of the organization or use social media in any way, both at work or on their personal time;
  • Specify sanctions for violations of the policy and provide extensive annual staff training;
  • Modify medical staff rules, employee privacy agreements as well as business associate agreements to address the use of social media; and
  • Monitor mentions of your organization on various social media sites to guard against potential health information breaches.

When it comes to social media, "We need to tread lightly and carefully as we move ahead," Backman stressed. "We certainly want to use social media, but we have to be able to ensure the privacy and security of patient information."

Preliminary results of HealthcareInfoSecurity's inaugural Healthcare Information Security Today survey show that 55 percent of respondents say their organization has a formal social media security policy in place. Of those, 40 percent have taken disciplinary action for violations of the policy.

There's still time to participate in the survey to help us provide you with a detailed overview of the privacy and security policies of healthcare organizations. We'll be reporting on all the results in the weeks to come.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.