Social Media: Teach Patients the RisksHealthcare Providers Can Offer Security, Privacy Guidance
We've all seen this in action. Patients with chronic illnesses often find comfort, kinship and helpful medical information through social media. Those Facebook and Twitter connections can mean everything to someone who's struggling.
See Also: Creating a Culture of Security
The trouble is: There are also some serious privacy and security risks involved with sharing personal health information online. And often these risks are overlooked.
The benefits to be gained from social media by patients outweigh the negatives - as long as individuals are mindful about the specific risks.
I just reviewed a new study by non-profit consortium eHealth Initiative, A Report on the Use of Social Media to Prevent Behavioral Risk Factors Associated with Chronic Disease, which outlines the pros and cons for patients who use social media to help deal with their medical conditions.
For the most part, the benefits to be gained from social media by patients outweigh the negatives - as long as individuals are mindful about the specific risks related to their privacy and security.
The pros: Social media, including health-themed networking groups, blog sites and discussion boards, allow patients with diseases ranging from diabetes to cancer to find groups of other individuals also dealing with the same issues, so that ideas and discoveries about managing their conditions - from healthy eating, to dealing with symptoms and worries - can be discussed and shared.
The cons: One might find bad information on these sites (what, not everything on the Internet is credible?). And, of course, there's always the risk that patients might inadvertently disclose too much of their own information, including personally identifiable data.
Patients need to balance transparency and anonymity, says Jennifer Covich Bordenick, CEO of eHealth Initiative, who spoke with me about the study. That balance means being mindful of sharing information about one's self, including carefully reading the terms and conditions to participate.
"Read the fine print," Bordenick says. "Patients should see if there are opt out or default settings, especially if you are asked to set up a profile," she says. The terms and conditions should also spell out how the data on the site is collected, stored and shared. "If you're not sure, be anonymous. Err on the side of safety," she advises.
Never put PII, such as addresses and names, or even health plan or provider names, on these sites, she adds. Which, of course, is common sense - until you get caught up in the sense of community that social media can provide.
Meanwhile, although patients are frequently drawn to using these sites, many healthcare providers are not at all crazy about using social media to communicate with patients or peers, or to even promote the use of the sites for patient education.
For one, providers are often wary about the accuracy of the information shared on the sites, and they don't want patients to gamble with taking advice found online that the provider doesn't know about or endorse.
The study finds that most providers shy away from using social media for communication with patients - and even their own healthcare workforces - because of concerns about patient privacy and HIPAA compliance.
"Many providers are just dipping their toes in social media, and many others are still in the process of getting their practices wired," she says.
Nonetheless, providers need to recognize that patients are going to go online to look for information, and even discuss their personal situations with others on these sites, with or without a doctor's approval. So, providers need to become educated about the sites that they think offer not just the best evidence-based information for patients to check out, but also robust privacy control settings.
And as physicians become educated about the best social media sites for patients to use, they also need to train their staffs about the privacy concerns involved with staff members' personal use of social media. The healthcare workforce needs to know that they should not discuss patients on these sites, and most certainly not disclose any patient PHI. Sounds basic, but how many stories have we heard in recent times about social media data leakage?
Andrew Hicks, director and healthcare practice lead at the risk management consulting firm Coalfire, advises healthcare organizations to consider monitoring social media sites for disclosures about patients. The workforce should also be made aware of whom within the organization should receive reports of patient privacy breaches that they discover online or elsewhere.
Hicks also says it's critical that enforcement of social media policies be backed up by sanctions for violations, Hicks says. "It's a HIPAA requirement to have sanction policies, and ultimately it defines what disciplinary actions [can be taken against] an employee who violates the policies," Hicks says.
Bordenick and Hicks also point out that healthcare organizations need to consider alternative and secure electronic ways to communicate with patients - like secure e-mail and text - if the providers are steering away from participating in social media.
So, while HIPAA has many healthcare organizations squeamish about using social media as a communication platform for their organizations, healthcare entities must acknowledge that their patients embrace these sites.
My take: Healthcare providers should be ready to offer patients suggestions for sites that offer credible medical information, but with the caveat about the risks of sharing too much personal information.