Containing the Patient Privacy Breach

John Commins, for HealthLeaders Media , October 13, 2010
Are you a health leader?
Qualify for a free subscription to HealthLeaders magazine.

Social media creates new challenges for patient privacy.

Patient confidentially used to be a simple concept, simply enforced. Healthcare workers, for the most part, knew not to poke their nose in the records room or gossip about patients' medical issues. Privacy breaches, when they occurred, could be contained. 

Along came electronic medical records, Internet social sites like Twitter and Facebook, and hackers. These newfangled online outlets provide—literally and in an instant—global access to patients' medical records, which makes breaches a lot more serious and enforcement a lot tougher.

"Patient information is like radioactive material," says Arthur R. Derse, MD, director of the Center for Bioethics and Medical Humanities at the Medical College of Wisconsin in Milwaukee. "It must be protected. It must be contained. It cannot be taken out of the building, sent out of the building, or looked at inappropriately if the employee is not permitted to access it.

"The problem is students and employees and younger folks coming into work think of Facebook and Twitter as something you do. Just as you shouldn't be saying anything about patients on the telephone, you shouldn't be Twittering or Facebooking about work," Derse says.

Fortunately, the concept of patient confidentiality has remained as simple now as it was in the time of Hippocrates. Rather than devising detailed, multilayered responses to every new social networking outlet that pops up every few months, effective patient confidentiality guidelines should identify the new threats but focus on instilling that simple and ancient principle with trustworthy employees. 

Pamela Paulk, vice president of human resources at Johns Hopkins Hospital and Johns Hopkins Health System, says the Baltimore-based health system's confidentiality guidelines are based upon trust. "We really do believe that our employees are going to do the right thing," Paulk says. "Our guidelines say that everybody has gone through HIPAA training and signed their confidentiality agreements. We say that extends to social media, anything that would apply at work applies on social media. That is basically the guidelines."

1 | 2 | 3

Comments are moderated. Please be patient.




FREE e-Newsletters Join the Council Subscribe to HL magazine


100 Winners Circle Suite 300
Brentwood, TN 37027


About | Advertise | Terms of Use | Privacy Policy | Reprints/Permissions | Contact
© HealthLeaders Media 2016 a division of BLR All rights reserved.