Wednesday, February 18, 2009

The State of the Blog

As many of you know, one of the early projects that I was tasked with was development of a blog for the hospital. At the time this was sort of daunting, because there were only a handful of hospitals blogging, in any capacity. From the perspective of our institution on only a few of those were doing it well.

But I must give credit to blogs like this one and for helping me to make the case.

So I began the process of making a case for the blog, I wrote the beginnings of the guidelines documents while on vacation. Submitted the project to our IS new project cue for approval and assignment. Just in the past few months, I have begun to recruit bloggers, test layouts, and take my guidelines and work-flow concepts to our legal department.

I hesitate to report this because I feel that as soon as I do so, all "heck" will probably break loose. But the state of the blog project is good.

Other than the time that it took to make it to the table of the IT project review board, the processes has not as difficult as I imagined it would be. There have been very few heated discussions or disagreements. Most of the criticism has been absolutely constructive and has prompted me to go back, do a little more research and find creative solutions to gaps in the process.

I think the secret here is that people have been slow to warm to the concept, and our pace has allowed them to warm slowly. Also at no point has the project been half baked. We were careful to really spend the time thinking through all aspects of the project before we took it "public" There have been times that we did not have all of the answers, but those were all moments where I learned a bit more about the institution and the volumes of guidelines and standards we strive to adhere too.

I really believe that I am just a few months away from launching this project. Stay tuned...

Friday, February 6, 2009

Not Getting around HipAA

More than once, in the past few days I have been asked about how we" get around" HIPAA requirements in Facebook.

ex. dchstx @JennTex are you familiar with any HIPAA issues and social media, specifically use of images of friends/fans as profile pics?

The answer is we don’t.

The Health Insurance Portability and Accountability Act requires that we do not identify patients or their PHI without their express permission.

So we do not;

  • Post images of people identified as patients on our Facebook page without a signed consent form. As you may notice we do not have very many pictures out there
  • Allow wall posts from people who identify themselves as patients and then begin sharing their PHI with the audience.
  • Allow patients to post images or videos to our pages
But the question has also been asked about the issue of fan photos in the page. I think it is wrong to assume that all of our fans are patients. Our fans consist of media, caregivers, employees, potential employees, and yes patients. Unless you choose to go to and click on every one of those fan profiles you most likely could not easily identify which are patients. Facebook also allows people to hide their profile information from the public if they choose. So you have to be a friend of that person to see any personal information about them.

PHI would only be compromised if they...
  • Are a fan
  • Are a patient, and identify themselves as such
  • Are sharing PHI on their personal page
  • Have not locked their page from the public
Facebook does offer these security features, but you must choose to use them.

I often try to draw comparisons to real life communications efforts when trying to understand and apply guidelines to our social media use. I equate this to a patient standing on our steps yelling their diagnosis and treatment plan out to the passing public. Short of kicking them off of our steps, how could we protect them futher? In that case we would have done our due diligence.

Recently I saw a video, on Youtube that a caregiver shot in our hospital, it was clearly our hospital. He was going to visit a family member, we saw his parking spot, his elevator ride, the room number he was visiting... Then he tagged the video with our name. That was really too much information. But my point is if they want to share their information they will do it, whether we exist on Facebook or not.