As the use of the internet increasingly becomes a community blackboard, how does that affect the risk of privacy violations for provider’s patients? What are implications when a hospital employee has their picture taken with a patient and posts it on their Facebook? People are talking about patients they cared for on a private site with people who have no right to know. There’s data that demonstrates this is an increasing risk.

Eighty deans from medical schools that are members of the Association of American Medical Colleges were recently surveyed about medical students’ behavior on social networking sites and blogs. Results were reported in the Sept. 23 issue of the Journal of the American Medical Association. According to a summary of the survey, 60% of medical schools in the U.S. responded, and 60% of them “reported incidents of students posting unprofessional online content.” Thirteen percent of the deans cited violations of patient confidentiality. When people get into social networking sites, they become very comfortable with the people they are talking to. They lose perspective and the lines blur and they want to talk about what they do and they want it to sound exciting, so they often go a little too far. There are many new opportunities for violating privacy and every hospital has to take action.

Some alternatives are blocking employee access to the Internet, implementing restrictive policies or providing intensive training, or a combination of all of them. For example, the technical support from within the IT department can prevent employees from accessing social networking and other inappropriate Web sites at their work computers. This includes shopping on eBay, “friending” people through Facebook, or entering other Internet worlds. This can minimize the potential for security and privacy violations.

A second way is through the establishment and implementation of general ethics and compliance standards. Employees need to be reminded that they are privy to patients’ most confidential information and that’s a sacred trust. Discussions should be held using examples like videos and pictures and sharing patient information and its inappropriateness on social networking.

Employees should not be allowed to photograph clinical areas unless there are business purposes and management has preapproved the project. For example, there have been incidences of employees using their cell phones to take pictures of semi-public areas and inadvertently including a patient.

There have been incidences that employees respond on their Web sites to patient comments on the care they received while in the hospital. They meant well and didn’t think this violated HIPAA. Hospitals need very clear policies and training.

So, just when you think you have all of the appropriate security controls in place and are compliant with the laws, technology brings something else that had never been considered. How do you address social networking in your organization?

Donald M. Jacobs
President, Inteck Inc.
http://www.inteck-inc.com/

Source:
“Report on Patient Privacy”, Volume 9, Number 12. http://www.aishealth.com/