Social Media In Healthcare: How To Manage The Risks

As social media platforms start to grow in popularity in healthcare payer and provide organizations, CIOs must build a framework of rules and embark upon a mission to educate their employees about social media’s pros and cons.

That was the advice of veteran healthcare IT professional Sriram Bharadwaj, who spoke at the recent Healthcare IT Summit about the positives and negatives of using social media. Due to strict privacy laws and complex regulations, healthcare has been slow and cautious to adopt Twitter, Facebook or LinkedIn for patients, customers, suppliers and employees. But as Bharadwaj pointed out during his keynote presentation, CIOs must find a way to manage these tools due to their overwhelming momentum in the workplace.

“Help employees understand cause and effect of their actions,” said Bharadwaj, principal management consultant at Business Strategix Inc. At the conference, Bharadwaj discussed social media in the workplace and offered advice to IT executives on ways to manage the risks it poses to healthcare organizations.

In the healthcare space, social media is creating huge opportunities across the board. For instance, many see it as a tool for increasing patient connectivity and spreading accurate medical information. Other CIOs see it as a tool for increasing awareness of their organizations or for customer and employee engagement or driving marketing initiatives forward. It also provides a huge advantage in the expansion of connected health and patient involvement in their care.

But despite the promise, few organizations have really embraced social media. Based on Bharadwaj’s research, only Blue Shield of CA and Scripps Health out of the 11 top healthcare payer and provider organizations are using use social media. The other nine have shied away from its use because of the productivity drain, security and solicitation risks involved in its use.

Social media usage does open up an IT department and the overall organization to a wide range of threat management such as malware attacks, attachments in the form malicious and harmful links and websites, along with email and messaging features that bypass corporate anti-spam and anti-malware filtering.

“One piece of advice to mitigate these technology risks is to strengthen your virus and malware protection through frequent virus updates and heightened monitoring,” Bharadwaj told the attendees.

“Stronger enforcement of policies through random audits of devices and data traffic and continuous monitoring with enhanced security operations control center personnel and real-time alerts will also help you avoid certain social media security issues,” he said. He also recommended deploying data leakage protection (DLP) software to track, warn employees and supervisors of possible data loss.

Adhering to compliance policies is a particular challenge for healthcare organizations. Risks include employees unknowingly exposing PHI data through “friending” activities or the possible loss of company source codes, budget information or other sensitive documents or information through tweeting or other social media activity.

“Some ways to manage this is by using collaboration sites and intranet to reinforce messages on a regular basis, training employees on dos and don'ts, and helping supervisors with cheat sheets on how to coach employees on productivity and policies supporting openness to social media,” Bharadwaj said.

Lastly, legal risks, which are the trickiest, are likely to surface as a healthcare organization adopts social media strategies. These risks include inadvertent posting of confidential information leading to insider trading, content disseminated that is copyrighted or trademarked, libel claims, or employees posting comments that may not be fully accurate or true about an individual or a competitor’s services.

“On the legal front, my advice is to update policies to reflect your framework on a social media approach,” said Bharadwaj. “Other ways to avoid legal issues are to document strict enforcement guidelines with consequences for misuse of social media, and taking swift action on employees who violate policies and guidelines.”

CIOs throughout the healthcare spectrum have to embrace and manage social media, said Bharadwaj. Its usage is inevitable and will be pervasive. He joked that every facet of his life is now impacted by social media, even summoning his young daughter to the family dinner table. “I now text her because she won’t answer my calls,” Baradwaj joked.