On the 18th of October, the Mayo Clinic Center for Social Media announced the publication of “Bringing the Social Media #Revolution to Health Care” (Mayo Clinic). If you are involved in the health care vertical and have social media responsibilities, you owe it to yourself to get this book. More than 20 individual contributors made this book possible, with the heavy editorial lifting being accomplished by the esteemed Meredith Gould under the leadership of Lee Aase, the Director of the Mayo Clinic Center for Social Media. All who participated donated their time, effort and royalties to the Mayo Clinic to be used in the creation of scholarship
The cost of the book is $9.95 and in my opinion worth many times more than that – you may click on the picture of the cover to be taken to Amazon where it may be purchased.
I was honored to have been asked to contribute an essay on Privacy & Compliance, and now that the book has been published, I share with you that piece:
Privacy – Who cares? You better.
Christopher Burgess, CSO, Atigeo, LLC
Privacy, why do we care? What if we ignored the whole topic and simply focused on the operational tasks at hand? Who would notice? What’s the downside? What level of resource investment should be made? Do I need a guide? These are all legitimate questions worthy of addressing as you strategize and put together your tactical plan for social media/network engagement.
In the United States, the healthcare arena has two sets of regulations sitting front and center that warrant understanding and consideration when setting up your social media engagement: the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). These two acts require businesses to meet a minimum level of compliance relative to handling the Personal Health Information (PHI) of patients. Giving short shrift to these puts your brand at risk. Patients who don’t trust you to protect their privacy will find a provider who does protect their PHI.
Privacy discussions must be embedded at the point of ideation and design, whether you’re designing a patient support entity where you control the entire technological ecosystem or using a third-party infrastructure (e.g., Facebook). In either case, you should provide a guide for anyone who will be engaging with you via social media. Your guide should include basic rules of engagement, ranging from what type of information is permitted, to a caution to resist the desire to overshare PHI, to ways to ensure they won’t put their PHI at risk inadvertently.
And don’t forget your employees, who also need a guidebook that provides the specifics about how you expect them to protect PHI for patients as well as colleagues (see: Social Media Governance for a policy database of 170+ exemplars). Count on your employees doing not only what is most efficient, but what achieves the goals and objectives. A guide helps them know exactly what you expect. You want to avoid these common pitfalls:
- Using third-party environments that aren’t designed to protect PHI to collaborate on patient follow-up and care (e.g., private groups within Facebook).
- Setting up a closed patient support group that ties patient membership to their PHI (e.g., as part of the registration system, requiring the linkage to their patient electronic health record).
- Commenting on patient-specific illness or PHI within one’s social networking platforms (see: Doctor busted for patient info spill on Facebook).
My bottom line caution: do not assume that compliance with various regulations and requirements automatically ensures security when it comes to PHI, nor is privacy automatically guaranteed.