Though many popular Web sites have strong privacy practices in place, there is still no better time to analyze where, when, how, and if your personal health information (PHI) is circulating through these types of Web sites.
The Ponemon Institute and TRUSTe recently released their 2009 Most Trusted Companies for Privacy Award and ranked eBay, Verizon, the US Postal Service, WebMD, and IBM as the top five. But health leaders must also beware of employees sending any PHI on the Internet.
The last thing you want is to get burned because someone in your organization sent PHI across Yahoo!, Facebook, or similar sites without authorization.
It's not common—though it's possible—for healthcare workers to use these sites to intentionally and maliciously violate patient privacy laws.
More often, healthcare workers sign on during breaks, or when they are off work, and vent about their day with friends without realizing that they share identifiable information and violate HIPAA.
Regardless of how you respond to these privacy and security vulnerabilities, education is crucial, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, and a HIPAA expert.
"A lot of people are panicking," Apgar says. "But one thing that's not well understood is the danger related to all this."
Transmission over an unsecure network is inevitable, particularly if the sender and the receiver don't share a secure network, says Apgar.
Combat this with these four education models:
An article in the September issue of the Journal of the American Medical Association, entitled "Online Posting of Unprofessional Content by Medical Students," revealed that 60% of 80 medical school deans reported incidents involving unprofessional postings on these types of Web sites.
Another 13% acknowledged incidents that violated patient privacy. Some of these violations resulted in expulsions from medical school, according to the article.
"These professionals are well educated, but that doesn't mean they are savvy with security," says Apgar.