Whereas these “social networking” sites originally began as glorified electronic bulletin boards, appealing mainly to teens and gamers, many legitimate organizations have begun using them, including chambers of commerce, business and industry trade associations, alumni groups, churches, charities, government entities and even many corporations. This has increased their usefulness — and their reach.
The wide range of sites and the numbers of users involved in them is staggering. In fact, Wikipedia has a list of over 150 social networking sites, ranging from Facebook, with over 400 million reported users, to Ravelry, a site for those interested in knitting and crochet, with a mere 331,000 reported users.
Should you allow employees to access these sites, and, if so, what risks should you be aware of?
First, you need to understand that these sites really have no one — at least no one that you can rely on — to monitor content, enforce any rules or keep the bad guys out. You should always be vigilant and assume the worst.
Second, just like with every other useful transport and communication medium like eimail, instant messaging and corporate Web sites, social networking platforms have become a vehicle for spreading and delivering viruses, spyware and other malicious “malware.” Since many of the sites allow — and even encourage — users to post a significant amount of personal information, this increases the risks from identity theft, loss or compromise of corporate data and related issues.
Additionally, there are certainly HIPAA Security issues, as well as other business/security issues to consider.
Most people would not be stupid enough to post confidential patient health information online, but even a seemingly innocent posting could turn negative. There was a recent news article where a family member of a patient was particularly pleased with the treatment a loved one had received at a facility. She wanted to compliment a specific member of the clinical staff, so she went online to search them out. Somehow she stumbled upon the person’s online personal page, where the caregiver had posted some negative comments about her job, her boss and her facility. This changed the situation from having a pleased customer to having a disciplinary issue in the facility.
Social media, just like any communication tool, has both positive and negative aspects to it. You should be aware of both sides before just assuming that more exposure is always better. And you need to discuss with your management team what Internet policies you are going to adopt for your facilities — not just for social networking but for all computer/network use. And lastly, you need to educate your staff as to the safe and sound use of these systems.
Marion Jenkins, PhD, is founder and CEO of QSE Technologies, which provides IT consulting services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.
