Whitney Palmer

No Tweeting Allowed

Published in the American Hospital Association’s June 2010 Hospitals & Health Networks

By Whitney L.J. Howell

Nervous about patient privacy, hospitals limit staff access to social media sites

Tweeting, Facebooking and blogging are easy ways to communicate and are becoming nearly ubiquitous in this age of portable computing. But for some hospital staff, they are becoming taboo activities.

Social networking can present dangers to patient privacy and other business practices. Neither the American Hospital Association nor the American Society for Healthcare Risk Management has official policies regarding social networking, leaving hospitals to decide individually how best to police work time usage.

The threat of privacy violations is real but it is unrealistic to expect hospitals to sever all access to these sites, says Robert Coffield, health care attorney with Flaherty, Sensabaugh & Bonasso, Charleston, W. Va. The challenge is training staff to use them properly while controlling their access. “Educating people to use social networking appropriately is difficult,” Coffield says. “Communication between hospital and patient is two-way, but it’s restricted from the hospital’s perspective to protect the patient.”

The University of North Carolina Health Care System blocked network computers from accessing Facebook, Twitter and MySpace after a security breach that left its patient records vulnerable, says Karen McCall, UNC’s vice president of public affairs and marketing. UNC does allow YouTube access.

“We created a firewall around the workstations that can access our patient data,” she says. “We wanted to avoid a situation where one of these sites allowed a virus into our network and compromised private information.”

UNC employees can access a social networking site on campus with personal laptop computers, BlackBerrys or smart phones. Patients have unrestricted access, but UNC asks they not share information about other individuals, including e-mail addresses, phone numbers or more sensitive personal details.

University of Iowa Health Care chose to limit employee access to these sites at workstations, but its rationale stems from patient safety concerns.

“We were concerned about making sure that our staff weren’t distracted in the clinical setting,” says Lee Carmen, Iowa’s associate vice president for information systems. “We also wanted the medical students to observe our staff focusing on the patient rather than anything else.”

Rather than actively limit access to social networking sites, some hospitals publish their expectations and rely on staff compliance. California’s Stanford

Hospital and the Cleveland Clinic have written policies posted online to protect patient privacy. They mandate users be at least 18 years old and refrain from posting any information related to patients. They also specify that the hospitals can eliminate access to the sites without notice.

This article 1st appeared in the June 2010 issue of HHN Magazine.

To view the article online: http://www.hhnmag.com/hhnmag_app/jsp/articledisplay.jsp?dcrpath=HHNMAG/Article/data/06JUN2010/1006HHN_Inbox_SocialMedia&domain=HHNMAG

June 8, 2010 - Posted by wjpalmer | Healthcare | blogging, facebook, hospital policies on social networking, legal issues surrounding social networking in health care, patient privacy, social networking in health care, social networking in hospitals, twitter