5 patient-centered social media risks

By Michelle McNickle
February 14, 2012
12:11 PM

These days, it's common to connect with others via Facebook and receive news via Twitter. In fact, according to AskAaronLee.com, Twitter has 105,779,710 registered users with 6 million search queries a day. But as the use of social media reaches new heights, so do the risks associated with it – and this is especially true when it comes to patients.

“Information obtained in the public domain, such as social media sites, is there forever and has the potential to be indexed endlessly in many different types of data warehouses,” said Chris Apgar, CEO and president at Apgar & Associates. “The risks are great and can include patient harm, lawsuits, data breaches, regulatory audit and reputational damage to your clinic or patients.”

"It is important to take a close look at what you want to accomplish with social media in the short and long term,” added Christine Arevalo, director of healthcare identity management at ID Experts. “And it’s even more important to make sure your workforce knows what they can and can’t post to social media sites on or off the job.”

Apgar and Arevalo outline five patient-centered social media risks. 

1. Both personal and professional social media posting. The fact that Facebook, Twitter and Skype are readily accessible and often left open in work environments makes it very easy to “inadvertently post patient information,” said Apgar. “[It] represents a real and growing risk. Even if you believe you have social media use under control while your workforce is on the job, one of the most significant risks is a member of your workforce posting patient information on his or her personal Facebook page.” It’s not surprising, he said, that, “friends share with friends. But this turns into a more massive sharing of patient information.”

2. Unencrypted patient information transmission or posting. Any sensitive information, including PHI, that is posted to social media websites is unencrypted – and there to stay, said both Apgar and Arevalo. In fact, a recent article on CNN confirmed many fears by pointing out pictures posted on Facebook were still floating around online, three years after they were “deleted.” “Once the information is posted, it is highly likely you will be unable to delete it,” added Arevalo. “All of this can and has led to breaches of patients’ PHI, which is costly to the organization and can cause harm to the patient.”

[See also: Social media being used as a platform to disclose illness.]

3. Lack of a social media use plan. According to both Apgar and Arevalo, a number of healthcare organizations have “stepped into the world of social media” because their competitors have – something they warn can be dangerous. “That isn’t a good reason to launch a social media program,” Apgar said. “Lack of planning an result in breaches and, again, significant cost to patients and the organization.”

4. Lack of a social media policy and workforce training. Any organization using social media needs to develop and implement a complete and accurate social media policy and related procedures as part of their social media use plan, agreed both Apgar and Arevalo. And this should include workforce training. “Your workforce is more likely to misuse social media on the job and off,” said Apgar. “And, [they could] inadvertently post patient information if they aren’t fully trained regarding the dos and don’ts of social media.” Documenting the plan, he continued, offering ongoing workforce training, the use of encryption, having a usage policy, and communicating to staff about expectations off the clock are all mitigation strategies for reducing your risk.

[See also: Social media guide provides docs with 15 step game plan.]

5. The patients themselves. “Your patients may not always follow security or privacy practices with their own personal information,” said Arevalo. “Whether self-disclosed, or disclosed by a third party, the information can cause you harm.” She added you most likely don’t have control over how patients treat their own data, and you don’t have a regulatory responsibility when it comes to patients posting their own heath information to social media sites. “But there are risks that you should prepare for,” she said. For example, the posting of patient information that results in a breach doesn’t necessarily need to include the patient’s name. “If you post enough information where a ‘reasonable person’ can identify the individual you’re posting about, you have just breached a patient’s PHI,” said Apgar.

Follow Michelle McNickle on Twitter, @Michelle_writes

Topics: 
Privacy & Security

More regional news

VA building signage

House passes veterans healthcare package without RESET Act

By
Andrea Fox
November 21, 2024
David Miles of Oklahoma Heart Hospital

Deep dive: A tour of all-digital Oklahoma Heart Hospital, where automation is the norm

By
Bill Siwicki
November 21, 2024
Healthcare workers looking at X-ray images on monitors

Streamlining healthcare operations with multicloud-by-design

November 21, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

VA building signage
House passes veterans healthcare package without RESET Act

Most Read

Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
ASTP intros 2024 draft Federal FHIR Action Plan
CrowdStrike all but assures Capitol Hill: Never again
Korea's largest hospital bags APAC's first Stage 6 of new INFRAM
Sens. Warner & Wyden seek healthcare cybersecurity mandates in new bill

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards

More Stories

BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards
Clinicians look at diagnostic imaging
American College of Radiology launches AI quality registry
A doctor with glasses sits at a desk and speaks during a telehealth visit.
DEA and HHS extend virtual prescribing for controlled substances through 2025
Dr. Jay Anders at Medicomp Systems_Computer chip with stethoscope Photo by Just_Super/iStock/Getty Images Plus
Transparency and responsible AI are crucial for medical devices
George Pappas of Intraprise Health on cybersecurity
How to protect telemedicine from cyberattacks