Healthcare, Social Media and Risk Management

14,149 views

Published on

My current presentation covering risk management. employee access and the use of Social Media by Healthcare professionals

1 Comment
7 Likes
Statistics
Notes
No Downloads
Views
Total views
14,149
On SlideShare
0
From Embeds
0
Number of Embeds
10,616
Actions
Shares
0
Downloads
50
Comments
1
Likes
7
Embeds 0
No embeds

No notes for slide
  • The biggest risk in health care social media is not participating in the conversation.  Simply putting “find me on Facebook” or “follow me on Twitter” badges on your website does not equate with health care social media.  Having noted this, among the most common concerns that seem to limit participation are those regarding professionalism.  So let’s make this as easy as possible, with 12 words to light your way: Don’t Lie, Don’t Pry Don’t Cheat, Can’t Delete Don’t Steal, Don’t Reveal Following these simple rules can prevent most social media miscues, and keep you out of the  Friday Faux Pas  series. Don’t lie:  a good rule in general, it is particularly important online, where nothing is transient and everything is searchable. Don’t pry:  Do not seek out personal health care data or potential protected health information as a part of a social platform conversation. Don’t cheat:  We’ve all heard the old proverb that “Cheaters never prosper,” but some harbor lingering doubts about whether it’s true. In social media, cutting corners is much more likely to be discovered and exposed, and when the truth is revealed it won’t be pretty. Everyone makes mistakes; confess yours immediately. Intentionally “gaming” the system, however, will not reflect well on you or your organization. Can’t delete:  this is an important rule: if it’s still in Google’s cache, you can’t put it in the trash.  The most effective tool to address this is a strategic pause before you post.  Count to 3 and think: 1- To whom are you posting/Who is your audience? 2-Is this post appropriate for all ages? 3-Does my post add value to the ongoing conversation? Don’t steal, don’t reveal:   Give credit where it’s due, and acknowledge those who inspired you or provided information you’re passing along. In Twitter it’s as simple as a retweet or a mention, while in a blog you can share link love. And if information is proprietary or confidential, don’t disclose it in social platforms. Keeping this simple is critical, but there are some additional rules that are worth remembering and  applying . Don’t endorse as a matter of course. Supervisors: Don’t initiate an employee friend request at your own behest. Separate your circle of friends from patients you mend. Corporate logo in your username is a no go. Adding a disclaimer is probably saner. Don’t practice on the Internet, regardless of your good intent. Always surmise that  HIPAA  applies. Speak on your behalf, not that of staff. Anonymity is really gimmicky If you chat about your company, identify abundantly Here is the critical message.  The same general rules that  apply  to offline behavior apply to online behavior.  The difference is the platform online can leverage a mistake to a much wider audience. Errors will occur no matter how careful you are.  That’s why you must develop a social media policy and provide orientation and  training , and when you or others in your organization make mistakes, view them as learning opportunities. There is great power in the conversation.  Know the risks and behave accordingly, but do not be so risk averse that you do not participate. You may want to elaborate in your social media guidelines or policy, but these 12 words provide a solid foundation.
  • The biggest risk in health care social media is not participating in the conversation.  Simply putting “find me on Facebook” or “follow me on Twitter” badges on your website does not equate with health care social media.  Having noted this, among the most common concerns that seem to limit participation are those regarding professionalism.  So let’s make this as easy as possible, with 12 words to light your way: Don’t Lie, Don’t Pry Don’t Cheat, Can’t Delete Don’t Steal, Don’t Reveal Following these simple rules can prevent most social media miscues, and keep you out of the  Friday Faux Pas  series. Don’t lie:  a good rule in general, it is particularly important online, where nothing is transient and everything is searchable. Don’t pry:  Do not seek out personal health care data or potential protected health information as a part of a social platform conversation. Don’t cheat:  We’ve all heard the old proverb that “Cheaters never prosper,” but some harbor lingering doubts about whether it’s true. In social media, cutting corners is much more likely to be discovered and exposed, and when the truth is revealed it won’t be pretty. Everyone makes mistakes; confess yours immediately. Intentionally “gaming” the system, however, will not reflect well on you or your organization. Can’t delete:  this is an important rule: if it’s still in Google’s cache, you can’t put it in the trash.  The most effective tool to address this is a strategic pause before you post.  Count to 3 and think: 1- To whom are you posting/Who is your audience? 2-Is this post appropriate for all ages? 3-Does my post add value to the ongoing conversation? Don’t steal, don’t reveal:   Give credit where it’s due, and acknowledge those who inspired you or provided information you’re passing along. In Twitter it’s as simple as a retweet or a mention, while in a blog you can share link love. And if information is proprietary or confidential, don’t disclose it in social platforms. Keeping this simple is critical, but there are some additional rules that are worth remembering and  applying . Don’t endorse as a matter of course. Supervisors: Don’t initiate an employee friend request at your own behest. Separate your circle of friends from patients you mend. Corporate logo in your username is a no go. Adding a disclaimer is probably saner. Don’t practice on the Internet, regardless of your good intent. Always surmise that  HIPAA  applies. Speak on your behalf, not that of staff. Anonymity is really gimmicky If you chat about your company, identify abundantly Here is the critical message.  The same general rules that  apply  to offline behavior apply to online behavior.  The difference is the platform online can leverage a mistake to a much wider audience. Errors will occur no matter how careful you are.  That’s why you must develop a social media policy and provide orientation and  training , and when you or others in your organization make mistakes, view them as learning opportunities. There is great power in the conversation.  Know the risks and behave accordingly, but do not be so risk averse that you do not participate. You may want to elaborate in your social media guidelines or policy, but these 12 words provide a solid foundation.
  • The biggest risk in health care social media is not participating in the conversation.  Simply putting “find me on Facebook” or “follow me on Twitter” badges on your website does not equate with health care social media.  Having noted this, among the most common concerns that seem to limit participation are those regarding professionalism.  So let’s make this as easy as possible, with 12 words to light your way: Don’t Lie, Don’t Pry Don’t Cheat, Can’t Delete Don’t Steal, Don’t Reveal Following these simple rules can prevent most social media miscues, and keep you out of the  Friday Faux Pas  series. Don’t lie:  a good rule in general, it is particularly important online, where nothing is transient and everything is searchable. Don’t pry:  Do not seek out personal health care data or potential protected health information as a part of a social platform conversation. Don’t cheat:  We’ve all heard the old proverb that “Cheaters never prosper,” but some harbor lingering doubts about whether it’s true. In social media, cutting corners is much more likely to be discovered and exposed, and when the truth is revealed it won’t be pretty. Everyone makes mistakes; confess yours immediately. Intentionally “gaming” the system, however, will not reflect well on you or your organization. Can’t delete:  this is an important rule: if it’s still in Google’s cache, you can’t put it in the trash.  The most effective tool to address this is a strategic pause before you post.  Count to 3 and think: 1- To whom are you posting/Who is your audience? 2-Is this post appropriate for all ages? 3-Does my post add value to the ongoing conversation? Don’t steal, don’t reveal:   Give credit where it’s due, and acknowledge those who inspired you or provided information you’re passing along. In Twitter it’s as simple as a retweet or a mention, while in a blog you can share link love. And if information is proprietary or confidential, don’t disclose it in social platforms. Keeping this simple is critical, but there are some additional rules that are worth remembering and  applying . Don’t endorse as a matter of course. Supervisors: Don’t initiate an employee friend request at your own behest. Separate your circle of friends from patients you mend. Corporate logo in your username is a no go. Adding a disclaimer is probably saner. Don’t practice on the Internet, regardless of your good intent. Always surmise that  HIPAA  applies. Speak on your behalf, not that of staff. Anonymity is really gimmicky If you chat about your company, identify abundantly Here is the critical message.  The same general rules that  apply  to offline behavior apply to online behavior.  The difference is the platform online can leverage a mistake to a much wider audience. Errors will occur no matter how careful you are.  That’s why you must develop a social media policy and provide orientation and  training , and when you or others in your organization make mistakes, view them as learning opportunities. There is great power in the conversation.  Know the risks and behave accordingly, but do not be so risk averse that you do not participate. You may want to elaborate in your social media guidelines or policy, but these 12 words provide a solid foundation.
  • The biggest risk in health care social media is not participating in the conversation.  Simply putting “find me on Facebook” or “follow me on Twitter” badges on your website does not equate with health care social media.  Having noted this, among the most common concerns that seem to limit participation are those regarding professionalism.  So let’s make this as easy as possible, with 12 words to light your way: Don’t Lie, Don’t Pry Don’t Cheat, Can’t Delete Don’t Steal, Don’t Reveal Following these simple rules can prevent most social media miscues, and keep you out of the  Friday Faux Pas  series. Don’t lie:  a good rule in general, it is particularly important online, where nothing is transient and everything is searchable. Don’t pry:  Do not seek out personal health care data or potential protected health information as a part of a social platform conversation. Don’t cheat:  We’ve all heard the old proverb that “Cheaters never prosper,” but some harbor lingering doubts about whether it’s true. In social media, cutting corners is much more likely to be discovered and exposed, and when the truth is revealed it won’t be pretty. Everyone makes mistakes; confess yours immediately. Intentionally “gaming” the system, however, will not reflect well on you or your organization. Can’t delete:  this is an important rule: if it’s still in Google’s cache, you can’t put it in the trash.  The most effective tool to address this is a strategic pause before you post.  Count to 3 and think: 1- To whom are you posting/Who is your audience? 2-Is this post appropriate for all ages? 3-Does my post add value to the ongoing conversation? Don’t steal, don’t reveal:   Give credit where it’s due, and acknowledge those who inspired you or provided information you’re passing along. In Twitter it’s as simple as a retweet or a mention, while in a blog you can share link love. And if information is proprietary or confidential, don’t disclose it in social platforms. Keeping this simple is critical, but there are some additional rules that are worth remembering and  applying . Don’t endorse as a matter of course. Supervisors: Don’t initiate an employee friend request at your own behest. Separate your circle of friends from patients you mend. Corporate logo in your username is a no go. Adding a disclaimer is probably saner. Don’t practice on the Internet, regardless of your good intent. Always surmise that  HIPAA  applies. Speak on your behalf, not that of staff. Anonymity is really gimmicky If you chat about your company, identify abundantly Here is the critical message.  The same general rules that  apply  to offline behavior apply to online behavior.  The difference is the platform online can leverage a mistake to a much wider audience. Errors will occur no matter how careful you are.  That’s why you must develop a social media policy and provide orientation and  training , and when you or others in your organization make mistakes, view them as learning opportunities. There is great power in the conversation.  Know the risks and behave accordingly, but do not be so risk averse that you do not participate. You may want to elaborate in your social media guidelines or policy, but these 12 words provide a solid foundation.
  • Here's are a few of the ways Hospitals are using Social Media right now. (focus on the Patient Ed / Customer Service / Brand monitoring points)
  • Here's are a few of the ways Hospitals are using Social Media right now. (focus on the Patient Ed / Customer Service / Brand monitoring points)
  • Healthcare, Social Media and Risk Management

    1. 1. Healthcare, Social Media and Risk Management Ed Bennett University of Maryland Medical System
    2. 2. Themes for today: My Background Current Realities of Social Media Perceived Risks vs. Actual Risks Framing the Social Media decision Opening Access at UMMC
    3. 3. Page  3 My Background Pre-1980 Juggler & Street Performer Core Web Management Skills
    4. 4. My Background Pre-1980 Juggler & Street Performer 1980 - 1994 Microfilm Technician, Software Trainer http://www.flickr.com/photos/zigazou76/6310027720/
    5. 5. Page  5 My Background Pre-1980 Juggler & Street Performer 1980 - 1994 Microfilm Technician, Software Trainer 1994 - 1999 Web Consultant
    6. 6. Page  6 My Background 1999 - Now University of Maryland Medical System All Things Web Technical Infrastructure Content Development Application Development Web Marketing Strategy Analytics / Mobile / SEO / Video Social Media
    7. 7. Page  7
    8. 8. Current Realities of Social Media • It’s not going away • It will replace email (and that's good) • Smart phones = constant access • Preferred tool for many users
    9. 9. Current Realities of Social Media Primary Reasons for Visiting Professional Online Networks • Access to thought leadership • Showcase myself or company • Keep track of peers/colleagues • Brand tracking/management • Research business decisions • Improve reliability of information • Inform the development of strategy • Increase speed of collaboration with customers & employees • Accelerate decision-making processes through peer input • Reduce travel costs - Society for New Communications Research study
    10. 10. Patient Expectations When it comes to Social Media: • They trust healthcare providers • They are influenced by our messages • They want us to respond • They want support afterwards Source: PwC HRI Social Media Consumer Survey, 2012
    11. 11. Consumers are more likely to share social media information from healthcare providers Doctor Hospital Health Insurer Drug Company Source: PwC HRI Social Media Consumer Survey, 2012 N = 1,060
    12. 12. Consumers value information and services that make healthcare easier to manage Source: PwC HRI Social Media Consumer Survey, 2012 N = 1,060 Percentage of respondents finding value in services offered by healthcare providers in social media
    13. 13. HIPAA & privacy violations IT security Loss of message control Employee productivity Perceived Risks of Social Media
    14. 14. B I N G O Productivity Privacy Not Professional Bandwidth IT Rules Security HIPAA Reputation No Rules Viruses Liability Time Waster Staff Morale Risky Hackers Lawsuits For Kids Costly Data Loss No Control Malware Scary HR Policy Patient Safety Web Blocking Bingo!
    15. 15. 1. Staff can access social media on personal devices. 2. Access is a management decision, not just one by IT or HR. 3. Create social media polices and guidelines, then enforce them. 4. Provide training about social media risks and opportunities. 5. Social media sites are web sites, so virus and malware risks are similar and can be managed. 6. Even if you block social media, staff can and will visit other sites. 7. Educate users about managing security risks (e.g., creating passwords, recognizing suspicious emails, messages, links, etc.) Answers to Common Objections
    16. 16. 1. Staff can access Social Media on personal devices 2. Access is a management decision, not just one by IT or HR. 3. Create social media polices and guidelines, then enforce them. 4. Provide training about social media risks and opportunities. 5. Social media sites are web sites, so virus and malware risks are similar and can be managed. 6. Even if you block social media, staff can and will visit other sites. 7. Educate users about managing security risks (e.g., creating passwords, recognizing suspicious emails, messages, links, etc.) B I N G O Productivity Not Professional Reputation Time Waster No Control
    17. 17. 1. Staff can access Social Media on personal devices. 2. Access is a management decision, not just one by IT or HR. 3. Create social media polices and guidelines, then enforce them. 4. Provide training about social media risks and opportunities. 5. Social media sites are web sites, so virus and malware risks are similar and can be managed. 6. Even if you block social media, staff can and will visit other sites. 7. Educate users about managing security risks (e.g., creating passwords, recognizing suspicious emails, messages, links, etc.) B I N G O Privacy HIPAA Liability Lawsuits Data Loss
    18. 18. 1. Staff can already access web on personal devices during work day. 2. Access is a management decision, not just one by IT or HR. 3. Create social media polices and guidelines, then enforce them. 4. Provide training about social media risks and opportunities. 5. Social media sites are web sites, so virus and malware risks are similar and can be managed. 6. Even if you block social media, staff can and will visit other sites. 7. Educate users about managing security risks (e.g., creating passwords, recognizing suspicious emails, messages, links, etc.) B I N G O IT Rules Hackers Malware Viruses Security Bandwidth
    19. 19. Real Risks of avoiding Social Media • Web adoption lessons from 1998-2001 • Not meeting employee / patient expectations • Loss of visibility
    20. 20. Employee Expectations
    21. 21. Employee Expectations
    22. 22. Patient Expectations “You trust your staff with my life, but think they can’t handle Facebook?” “You cut off my support network when I needed it the most” Patient responses to UMMC blocking Social Media
    23. 23. Social Media Risk Management = Employee Management
    24. 24. Social Media Policy Basics  Social Media sites are not HIPAA controlled services  But staff must follow existing rules:  Patient Privacy  HIPAA  Behavior Standards  Official policies and procedures limit liability
    25. 25. Staff Policies and Guidelines “No hospital has been sued for HIPAA violations on social media. Some employees have been in violation but all issues have been resolved through HR means.” David Harlow, JD MPH Principal, The Harlow Group
    26. 26. A 12-Word Social Media Policy Don’t Lie, Don’t Pry Don’t Cheat, Can’t Delete Don’t Steal, Don’t Reveal Farris Timimi, M.D. Medical Director Mayo Clinic Center for Social Media
    27. 27. Social Media Policy and Employee Guidance  First and Foremost, Respect the Privacy of our Patients  Live the Ministry Promise and Values When Online  Be a Productive, High-Performing Workforce Member  Realize That Social Media Posts are NOT Private  Don’t Jeopardize Your Reputation and/or Future Employment Opportunities By Will Weider, CIO of Ministry Health Care
    28. 28. Education and Best Practices Require annual training for all staff Provide tools for managers Packaged presentations Videos FAQ’s Encourage discussion Acknowledge gray areas
    29. 29. Staff Education http://www.youtube.com/watch?v=44txjIgnOzU
    30. 30. Education and Best Practices
    31. 31. Monitoring
    32. 32. Opening Access at UMMC
    33. 33. Opening Access at UMMC Websense in place since 2004  Blocked Facebook  Most Blogging platforms  Broke many non-social media sites  Blocked patient education / professional resources
    34. 34. Opening Access at UMMC Why Change?  Patient Satisfaction – #1 Driver  Respect for Hospital Staff  Lessons learned from the first Web cycle  Opportunity to reach & build communities
    35. 35. Opening Access at UMMC The Process – all of 2010  Driven by our CEO  Lots of meetings and memos with  Legal / Compliance / IT / HR  Clinical Leadership  Policies and staff guidelines  Education and training
    36. 36. One Year Later… Opened access on January 1, 2011 !
    37. 37. Opening Access at UMMC Results  A “No Drama” launch  Decreased patient complaints  Increased employee awareness  Social media = business as usual
    38. 38. Open access = new services Examples from UMMC:  Patient support groups on Facebook  Department groups on Facebook  Fundraising
    39. 39. Patient Support Groups on Facebook  Liver Transplant  Digestive Diseases Launched in March 2011 Between 50 and 75 members each  Hepatitis C  Trauma Survivors
    40. 40. Patient Support Group
    41. 41.  Outgrowth of traditional IRL groups  Managed by the same group leader  Mix of closed & secret groups  Posts are private to the group Set up & sanctioned by the UMMC Communications Department Patient Support Groups on Facebook
    42. 42. Shock Trauma EMS Office
    43. 43. Dozer the Dog
    44. 44. Fundraising
    45. 45.  Huge media relations effort  New Fundraising Website  Video production  Facebook, Twitter, YouTube and Blogs  Monitoring  Hundreds of blog posts, tweets and shares  Local / national / international media coverage  Over 500,000 YouTube views  $30,000 raised from 700 donors The Sum: The Parts:
    46. 46. Resources: The Mayo Clinic Center for Social Media http://socialmedia.mayoclinic.org HIMSS White Paper Social Media in Healthcare: Privacy and Security Considerations http://hcsm.me/10QkEzS Bryan Vartabedian, MD - Pediatric Gastroenterologist at Texas Children's Hospital/Baylor College of Medicine http://33charts.com Price Waterhouse Coopers Social Media “Likes” Healthcare http://hcsm.me/pwchealth
    47. 47. Thank You Ed Bennett Director, Web & Communications Technology University of Maryland Medical System 410-328-0771 ebennett@umm.edu / ed@ebennett.org umm.edu / ebennett.org Twitter: @edbennett www.ummsfoundation.org/dozer

    ×