Wednesday, May 23, 2012

Crafting a Social Media Policy

Today's Computerworld has a great article about the issues of mixing social media and healthcare.

As hospitals and clinics formulate social networking policies, there are three broad considerations:

1.  Given HIPAA and HITECH privacy and breach rules, how can you best prevent the disclosure of protected healthcare information on insecure social media sites?

2.  Given the distraction factor and productivity loss that can occur with social media, how can you best align the benefits of groupware communication while minimizing the negatives?

3.  How can you reduce the security risks of malware embedded in games and other applications that are downloaded from social networking sites?

To date, Beth Israel Deaconess has focused on #1, ensuring that our employees do not post data to social networking sites in violation of state and federal laws.

We've not yet completed a  policy covering #2, although several hospital sites and departments are discussing the issue.

We're developing a pilot for #3, including blocks on selected websites, Facebook add-on applications, and personal email.

Ensuring we have a suite of social media policies is one of our Internal Audit focuses for 2012.  To formalize our polices, procedures, and guidelines, we're collecting best practices for healthcare institutions throughout the country and assembling a multi-disciplinary group including Corporate Communications, Legal and IT.

There are many benefits to social networking to foster collaboration and communication.   As we work on developing further policies, I'll share our lessons learned in future posts.


Unknown said...

Happy Birthday on May 23rd John and Micky Tripathi and Meg Aranow! My birthday is a day after this trio of great contributors. Massachusetts and all of Healthcare IT has benefited from you all. I'm delighted to share the space around the cusp of being a Gemini with these three.

Marianne Boswell

Morgan Rose said...

Personally, the challenge for me in crafting social media policy is not overcoming privacy and security issues. That's why the organization I work for has hired a man so skilled with computers he could likely build one out of things he finds in the lunch room. And program a firewall into it with using a stapler. The challenge, then, is providing innovative content that doesn't undermine the other messages my company wants to communicate. Our company's policy openly discusses the freedom of social media administrators to utilize humor, innovative or controversial topics, and personal passions. It humanizes the voices providing content on media platforms, voices who are also required to be responsive to public queries.

Taylor said...

We built a policy that essentially states that inappropriate use of social media will subject you to sanctions and discipline. The policy also defined what uses of social media were appropriate for company use only. We then created a guidelines document for all staff - focus of this was to ask all staff to use good judgement.

We embrace responsible use of social media