What policies should hospitals and other facilities enact to educate staff on patient privacy in the age of Facebook and Twitter?
A couple of weeks ago, I pondered potential privacy issues when it comes to the use of social media to monitor patient activity, which is at this point kind of an open, fuzzy area.
In stark contrast, here’s an example of an open-and-shut case of violation of patient privacy: a recent LA Times report of nurses and hospital staff posting pictures of a dying patient on Facebook.
Okay, this may or may not be surprising to those who work in a hospital setting. It may not even be surprising to the public, as there has been conversation surrounding patient privacy issues like this for a while. If there’s one thing these stories tell us, it’s that healthcare professionals of all ages and at all levels of responsibility are subject to occasional lapses in judgment when it comes to personal communications. Any organization providing patient care should have a policy in place regarding employee conduct and use of social media.
What are hospitals, surgery centers, clinics, and offices to do? I’m aware that the larger organizations have been investing in security software such as Vericept or WebSense that provide administrators with the ability to monitor or curtail employee online activity.
However, social media activity is becoming increasingly difficult to monitor because it is available on virtually every kind of personal communication device these days. My cell phone allows me to upload an image to Facebook with one click after image acquisition. I can literally take a picture and post it online in less than 10 seconds using one hand. I’m sure that Gen Y med students can accomplish this much faster.
So, what’s the answer? Some might say that hospitals and other organizations should be proactive in educating healthcare staff to understand that patient privacy extends to all of their online activities. Others might favor relying on whistleblowing as a way to keep people honest. What tools and policies do your organization have in place?