Social Networking 9/25/2012 1 What is Social Networking? Blogging type of website maintained by an individual with regular entries of commentary, description of events or other material such as graphics or videos. Social Networking Sites - Internet sites that provide a variety of ways for users to interact, such as email messaging, posting informational web pages and picture exchange services. 9/25/2012 2 Social Networking Site Examples MySpace Facebook Twitter YouTube LinkedIn Indystar.com Clarian Employee Forum on Pulse Caring Bridge 9/25/2012 3 1
What is the Concern? 9/25/2012 4 Information and pictures of IU Health patients are showing up on these sites! Users of these services need to be aware of real threats and risks associated with these services such as: Identity theft Damage to the reputation of the patient, user and/or organization Risks of infection by malicious computer software such as viruses and worms 9/25/2012 5 Professional Boundaries IU Health recognizes employees may participate in online social networking and blogging services anywhere and anytime. Employees must remember they have an ongoing obligation to protect the privacy and confidentiality of IU Health patients, families and fellow employees even when not at work. 9/25/2012 6 2
but My Patient s are Like Family! IU Health recognizes that our health care providers sometimes develop close and long term relationships with patients. However, social networking services and Internet blogging sites pose a unique risk to IU Health and yourself because of ongoing responsibilities to protect the privacy and confidentiality of all those who seek services here. 9/25/2012 7 What is Confidential Information? Patient demographics Information regarding the extent or nature of patient s illness Illness or condition Symptoms Diagnosis and treatment Medical Service Communication between patient and practitioner 9/25/2012 8 Breach of Patient Confidentiality Sharing any private or confidential information through blogging or social networking sites on the Internet is a breach of patient confidentiality and a violation of IU Health policies, procedures and applicable law. Violators are subject to immediate discipline, up to and including termination. Any known or suspected activity MUST be reported to your manager, Compliance Services office, or TrustLine. 9/25/2012 9 3
Cost of a Breach Health and Human Services fines: Violation Each violation All such violations of an identical provision in a calendar year Did Not Know $100-$50,000 $1,500,000 Reasonable Cause 1,000-50,000 1,500,000 Willful Neglect-Corrected 10,000-50,000 1,500,000 Willful Neglect-Not Corrected 50,000 1,500,000 9/25/2012 10 Other Cost Damage to the facility, departments and/or clinics reputation Loss of a patient Approximately $400 per involved individual to send notification and credit monitoring Media exposure Corrective action 9/25/2012 11 Case Scenario A nurse texts or posts the following statement: I had a rough day at work today, I am so tired! Acceptable? Not Acceptable? 9/25/2012 12 4
The message: I had a rough day at work today, I am so tired! Is an acceptable message. 9/25/2012 13 Case Scenario A nurse texts or posts the following statement: Patients on 3B today were awful! Paged me about this and that ugh!!! Acceptable? Not Acceptable? 9/25/2012 14 The message: Patients on 3B today were awful! Paged me about this and that ugh!!! Is not an acceptable message. The message provides too much information. 9/25/2012 15 5
Case Scenario A nurse texts or posts the following statement: A patient came in today with a really bad fracture. See the picture! Acceptable? Not Acceptable? 9/25/2012 16 The message: A patient came in today with a really bad fracture. See the picture! Is not an acceptable message. The message provides too much information. 9/25/2012 17 Case Scenario A nurse texts or posts the following statement: I wish the urology team would have one day without a patient going bad! Acceptable? Not Acceptable? 9/25/2012 18 6
The message: I wish the urology team would have one day without a patient going bad! Is not an acceptable message. The message provides too much information. 9/25/2012 19 Reminders to Help You DO NOT: Take pictures of patients without a health care reason and written consent. Post any pictures of patients received from the patient (or surrogate) in public spaces, on the internet, etc. Share patient sensitive or other confidential information in personal emails, professional association blogs, newspaper blogs or other networking sites. 9/25/2012 20 Other Resources Online IU Health Polices HIPAA 2.01 - Reasonable Safeguards for Privacy and Confidentiality of Protected Health Information ADM 2.05 Internet Social Networking HR 105 Corrective Action ADM 1.13 - Standards of Conduct for Business Practices (Code of Ethics) HIPAA Privacy and Security Training Modules Department Management Compliance Services Office IU Health Privacy Officer TrustLine 9/25/2012 21 7
Questions? 9/25/2012 22 8