The relationship between patients and physicians — particularly with social media’s growing role — is a hot topic in today’s health care space. Patients want access to their medical records through new channels, such as instant messaging and Facebook, but some physicians aren’t too keen on this idea given the risk of personal health information (PHI) being leaked.
To help balance these two poles, a webinar hosted by technology consulting firm Perficient — titled “How to Protect Patient Data in an Increasingly Social Healthcare Industry” — focused on why physicians and patients should be cognizant of health care social media, as well as HIPAA rules and implementing security measures.
Health care social media can still be a “visit.” Physicians who do partake in social media will often set up personal Internet portals to interact with patients through different mediums such as instant messaging and Skype, said Anand Sangtani, solution architect at Perficient. Further, patients must be aware that the disclosure of information in a social format has to be protected as if it were done in a traditional, face-to-face office visit.
Patients must be aware, too, not just physicians. Steve Nitenson, senior solutions architect at Perficient, urged patients to “be diligent” in reviewing their medical information. Documentation, such as signing your name, is secondary to understanding the paperwork that comes with medical visits. Moreover, if a patient asks a physician or practice for a copy of their medical records, refusal is not an option.
Pay close attention to HIPAA regulations. HIPAA regulations are the backbone of the patient and physician relationship because they enforce how PHI can be exchanged. This is especially true when patients request their information. Nitenson believes patients have “peace of mind” when they get their PHI electronically within the 72-hour window as mandated by HIPAA regulations.
Organizations should set up a security committee. The everyday patient has every right to be concerned over the privacy of their PHI. However, a data breach regarding public figures could be seen as fuel to the fire. Nitenson used the example of UCLA Medical Center’s data breach, where hospital employees looked at the medical records of many celebrities including Tom Cruise, Britney Spears and Maria Shriver without authorization. With a HIPAA violation and subsequent fine in tow, it’s unclear whether a security committee was set up. Nitenson also pointed out that hospitals should appoint an information security officer to take control of conducting a risk analysis.