Social media has both helped and hurt organizations and healthcare is certainly no exclusion. Many entities are getting on, or have been on for some time, the social media band wagon. In fact this is not the first time we’ve mentioned it here on our own blog. Some organizations have seen a great boon when it comes to using the many varied venues of social media, with probably the exception of anyone still left on MySpace. However, social media can also hurt organizations, and while the cases tend to be somewhat cut-and-dry, “you posted a patient’s personal information on Facebook, so you are fired” it’s the organizational response which I find most interesting. Searches on the internet can find many organization’s social media policies posted online (I don’t understand this; but that’s for another day). Perusing these policies you get the gamut from ‘gentle guidance’ to Orwellian 1984-esque policies. So why such a spectrum? Organizational culture aside, they are mostly indicative to where breaches have occurred. While I understand that healthcare breaches are (starting to be) a big thing, I believe the over-handed policies go too far and will never make the changes they strive for. Some of these policies read like they are taking away an employee’s right to express themselves via any social media outlet without the oversight and approval of management, even if it’s their own personal account written during non-business hours. This is also usually followed up with web filtering to remove the ability to gain access to Facebook, Twitter, or other popular social media sites (sorry again MySpace). Ironically enough, I’ve seen this happen and then the company emails all employees saying to “like” the company’s Facebook page and/or follow their Twitter feed. This tactic will never work for a few main reasons. Human are social and companies can’t filter all channels to social media, even during business hours (i.e., smartphones). Remember when Egypt attempted to block Twitter during the protests? Short of the having the ‘Thought Police’ and ‘Ministry of Love’, people will always share their thoughts, some more than others. With the many technological advances it’s become easier and easier, now people can take a photo and upload it to their medium of choice in seconds. This can lead to some fairly significant issues for organizations, especially healthcare. So how does an entity prevent these breaches? By setting expectations with reasonable limitations. What I mean by this is educate everyone what is acceptable and what is not. Telling employees that they can’t say anything bad about their job isn’t going to work. Telling them that they can’t use copyrighted materials (logos) or act as a company agent on a personal blog is acceptable. Informing them of libel and how far is too far is key for when employees become disgruntled (hopefully this never happens to you). Understanding that filtering social media sites is not going to be a control that prevents material from getting online and that it will be a time management control at best (assuming smartphones aren’t prevalent). The successful policy both defines the acceptable boundaries of personal social media as it relates to the organization and educating employees on what to self-scrutinize before posting; pictures from work with a patient walking in the background, posts that may read like an organization-sanctioned post, etc. This ensures that the “what” comes across but also the “why.” This balanced approach is at least easier for organizations that don’t yet have their own Thought Police.
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
YouTube session cookie.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
Discover why security operations teams choose NetSPI.