Health Information Management

Use social media cautiously: Tips to help prevent PHI breaches

HIM-HIPAA Insider, August 9, 2011

Healthcare organizations can protect themselves from PHI breaches associated with the use of social media. Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, offers the following recommendations:

  • Establish and document a formal policy governing use of social media. Use results of periodic and annual audits to update your policy regularly.
  • Educate all staff members regarding your social media policy and its enforcement.
  • Conduct a risk analysis to identify threats that your organization faces.
  • Evaluate the use of social media for business, clinical, and personal purposes.
  • Require the use of company-owned portable devices, if feasible. You have greater control of equipment you own.
  • Prohibit and block use of Web mail.
  • If your organization uses social networking sites for business and/or clinical purposes, know and document your acceptance of these risks.
  • Prohibit after-work use of social media to post PHI or health information that can easily identify a patient. Ensure that your policy specifically explains this prohibition and the disciplinary actions that violators face.
  • Ensure that your policy addresses remote access.
  • Monitor Internet use and sites visited. Block access as you deem necessary.

Editor’s note: For additional tips, see the August issue of Briefings on HIPAA.


