Hospital Information Systems
Avoid social networking poison
By Fred Touchette, November 2010
Hospital staff may unknowingly subject the hospital network to a variety of Web-based threats. These tips will help you mitigate the risks.
Today, as the use of mobile devices like iPhones and BlackBerrys increases on the job, so does easy access to social networking sites, such as Twitter, Facebook and LinkedIn. As a result of this easy access, hospital staff may unknowingly subject the hospital network to a variety of Web-based threats, including malware, viruses, Trojans and worms.
What's worse, a new device made available to help hospitals enhance patient tracking and medicine/drug administration is likely operating on the same network as that of mobile devices carried around by hospital staff, thus putting patients' care and their records at risk. Mobile device and social networking usage at work, without appropriate security policy and enforcement measures in place, can open the network to an array of potentially damaging security situations.
Research has shown that IT security is considerably underfunded within the healthcare industry, yet many new security regulations are now required. The benefits of establishing a social networking policy, along with providing key information to enhance employee education, can be used to establish a safe and effective use of social networking technologies within the healthcare organization, while ensuring the security of the hospital network as a whole.
Unfortunately, there are no easy answers. Here are the top tips for healthcare compliance professionals to keep in mind when working to ensure that the appropriate security precautions are in place for staff members who utilize social networking sites.
Understand the definition of "social networking." Although a good first step, it's not enough to say you have a social networking policy in place. You need to ensure that all staff members understand the definition of social networking and how it applies to Facebook, MySpace, Twitter, SMS and MMS texting and other popular technologies. This comprehension of social networking is key because it will help to enhance the security of the hospital network, especially as more doctors and staff members utilize mobile devices to take notes or access patient information on the go.
Examine the ways social networking coexists within the healthcare arena today. There are some clear benefits to utilizing various forms of social networking within the healthcare industry, especially when it comes to efficient note taking. Sometimes, sharing information with other doctors via SMS or MMS texting is an efficient way to access a "brain trust" of sorts to diagnose a patient in a faster timeframe. These mobile devices, however, should be managed as part of the social networking policy to be certain that they do not include stored personal information about the doctor or hospital. This will be important to ensure compliance with HIPAA regulations.
Identify the risks and benefits of utilizing social networking technology within the healthcare industry. Similar to the definition of social networking, the risks and benefits should be clearly stated and explained for all hospital staff. Additionally, by highlighting the link between the technology and regulatory environment, you can help your organization remain compliant with HIPAA, among other federal regulations.
Share real-world examples. At the next company-wide meeting, or through various forms of information-share at the hospital, highlight examples of how easy it is to misuse social networking. It will be important to emphasize the consequences associated with the misuse of social networking, some of which can come in the form of significant fines or potential termination, to name a few.
As any good doctor would say, "prevention is always the best medicine." A healthcare organization can maintain sound security by developing — and following — a comprehensive set of policies and using appropriate solutions when possible..
Fred Touchette is senior security analyst at AppRiver.
For more information on AppRiver: www.appriver.com