Risk
7/3/2012
11:57 AM
50%
50%

Healthcare Social Media: New Software Aims To Limit Risks

SafeGuard, by OpenQ, monitors medical professionals’ use of public networking platforms to make sure they don't break the law.

25 CIOs Who Are Transforming Healthcare
25 CIOs Who Are Transforming Healthcare
(click image for larger view and for slideshow)
Like many professionals, physicians have been climbing aboard the social media juggernaut. But in this brave new world of "we're all connected," medical organizations face an increased risk of running afoul of HIPAA, FDA regulations, and other laws. To mitigate this risk, OpenQ, a Charlottesville, Virginia-based company that focuses on the information technology needs of life sciences companies, has developed SafeGuard, designed to identify and address errant posts in real time.

"Think of SafeGuard as an anti-virus software," said Otavio Freire, OpenQ's co-founder and chief technology officer. "Certain types of communications have the 'signature' of, for example, a HIPAA or other confidential violation. The signature could be based on the language of the message or shared file, characteristics of the poster or follower, or other message qualities."

SafeGuard flags each activity feed, post, and document with a green-light, yellow-light, or red-light risk-level classification, and immediately notifies customers about findings that require their attention. Discussions that pose a serious liability to the organization--a HIPAA or anti-kickback violation, for example--are marked with a red light.

[ For more background on e-prescribing tools, see 6 E-Prescribing Vendors To Watch. ]

Scenarios that are of medium risk, such as negative comments about a practice or inappropriate business language, are marked as yellow. "It is not a one-size-fits-all model, and customers can tweak the dials," said Freire.

The notification method, too, can be configured by the client. "Some prefer to go to a dashboard. Others want an alert via email or in their social business platform activity feed," Freire notes. He also points out that a large healthcare organization will have a different level of regulatory sensitivity than will a small practice. "Healthcare providers can elect to follow up and remediate in the manner they currently undertake for other violations," he said, adding, "SafeGuard offers a native integration with the Salesforce.com Service Cloud to enable companies to create an investigation case from within SafeGuard."

Derek Kosiorek, a senior consultant with the Medical Group Management Association Healthcare Consulting Group, says that SafeGuard can be a useful tool, but in his view it should not be used as a substitute for hiring the right staff to monitor a medical organization or practice's social media activity.

"Social media tends to be proactive," Kosiorek said. "A medical practice or institute should designate a limited number of employees who are knowledgeable about the proper use of social media to make posts on behalf of the organization. And these employees should take initial and regular refresher trainings on what should and shouldn't be shared via the Internet."

Otavio Freire acknowledges that while SafeGuard is designed to free companies from the need to manually review practice- or hospital-related social media activity post-by-post, it does not take the place of internal monitoring. "But it does allow medical practitioners to address much larger communities and message volumes over time," he added.

Get the new, all-digital Healthcare CIO 25 issue of InformationWeek Healthcare. It's our second annual honor roll of the health IT leaders driving healthcare's transformation. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

CVE-2015-2979
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

CVE-2015-4286
Published: 2015-07-29
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.

CVE-2015-4290
Published: 2015-07-29
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!