Health Information Management

Tip: Assess privacy vulnerabilities for social networking sites

HIM-HIPAA Insider, January 5, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Trendy social networking sites such as Facebook, TwitterTM, MySpaceTM, and blogs pose enough of a privacy risk that organizations should step back and assess whether their policies are explicit enough to govern proper usage. Determine whether and how you’re vulnerable, as well as whether revising your policies and beefing up your education to specifically address these privacy concerns is enough to satisfy your HIPAA responsibilities and the wants of your staff members.
Each organization must strike its own balance regarding how much personal use of system resources it is willing to tolerate and under what risks, says Reece Hirsch, JD, partner at Morgan, Lewis & Brockius, LLP, in San Francisco.
Hirsch says hospitals are well-served to have comprehensive policies, backed up by training, to educate staff members about uses and disclosures of medical information. “Given the growth of social networking in recent years, it’s probably a good idea to expressly address the subject in the policies and spell out some common-sense ground rules,” he says.
It’s also important that a policy on social networking reminds employees that they should be careful about making statements that might damage the public image of the hospital, he adds. Hospital employees sometimes forget that the same rules apply to medical and proprietary information, whether it’s on the Internet or in the hospital’s files, says Hirsch.
Editor’s note: For more tips, view the December 2009 issue of Briefings on HIPAA.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular