These days, it's common to connect with others via Facebook and receive news via Twitter. In fact, according to AskAaronLee.com, Twitter has 105,779,710 registered users with 6 million search queries a day. But as the use of social media reaches new heights, so do the risks associated with it – and this is especially true when it comes to patients.
“Information obtained in the public domain, such as social media sites, is there forever and has the potential to be indexed endlessly in many different types of data warehouses,” said Chris Apgar, CEO and president at Apgar & Associates. “The risks are great and can include patient harm, lawsuits, data breaches, regulatory audit and reputational damage to your clinic or patients.”
"It is important to take a close look at what you want to accomplish with social media in the short and long term,” added Christine Arevalo, director of healthcare identity management at ID Experts. “And it’s even more important to make sure your workforce knows what they can and can’t post to social media sites on or off the job.”
Apgar and Arevalo outline five patient-centered social media risks.
1. Both personal and professional social media posting. The fact that Facebook, Twitter and Skype are readily accessible and often left open in work environments makes it very easy to “inadvertently post patient information,” said Apgar. “[It] represents a real and growing risk. Even if you believe you have social media use under control while your workforce is on the job, one of the most significant risks is a member of your workforce posting patient information on his or her personal Facebook page.” It’s not surprising, he said, that, “friends share with friends. But this turns into a more massive sharing of patient information.”
2. Unencrypted patient information transmission or posting. Any sensitive information, including PHI, that is posted to social media websites is unencrypted – and there to stay, said both Apgar and Arevalo. In fact, a recent article on CNN confirmed many fears by pointing out pictures posted on Facebook were still floating around online, three years after they were “deleted.” “Once the information is posted, it is highly likely you will be unable to delete it,” added Arevalo. “All of this can and has led to breaches of patients’ PHI, which is costly to the organization and can cause harm to the patient.”
3. Lack of a social media use plan. According to both Apgar and Arevalo, a number of healthcare organizations have “stepped into the world of social media” because their competitors have – something they warn can be dangerous. “That isn’t a good reason to launch a social media program,” Apgar said. “Lack of planning an result in breaches and, again, significant cost to patients and the organization.”