As hospitals and clinics formulate social networking policies, there are three broad considerations:
1. Given HIPAA and HITECH privacy and breach rules, how can you best prevent the disclosure of protected healthcare information on insecure social media sites?
2. Given the distraction factor and productivity loss that can occur with social media, how can you best align the benefits of groupware communication while minimizing the negatives?
3. How can you reduce the security risks of malware embedded in games and other applications that are downloaded from social networking sites?
To date, Beth Israel Deaconess has focused on #1, ensuring that our employees do not post data to social networking sites in violation of state and federal laws.
We've not yet completed a policy covering #2, although several hospital sites and departments are discussing the issue.
We're developing a pilot for #3, including blocks on selected websites, Facebook add-on applications, and personal email.
Ensuring we have a suite of social media policies is one of our Internal Audit focuses for 2012. To formalize our policies, procedures, and guidelines, we're collecting best practices for healthcare institutions throughout the country and assembling a multi-disciplinary group including Corporate Communications, Legal and IT.
Social networking offers many benefits for fostering collaboration and communication. As we work on developing further policies, I'll share our lessons learned in future posts.