Risk
7/3/2012
11:57 AM
50%
50%

Healthcare Social Media: New Software Aims To Limit Risks

SafeGuard, by OpenQ, monitors medical professionals’ use of public networking platforms to make sure they don't break the law.

25 CIOs Who Are Transforming Healthcare
25 CIOs Who Are Transforming Healthcare
(click image for larger view and for slideshow)
Like many professionals, physicians have been climbing aboard the social media juggernaut. But in this brave new world of "we're all connected," medical organizations face an increased risk of running afoul of HIPAA, FDA regulations, and other laws. To mitigate this risk, OpenQ, a Charlottesville, Virginia-based company that focuses on the information technology needs of life sciences companies, has developed SafeGuard, designed to identify and address errant posts in real time.

"Think of SafeGuard as an anti-virus software," said Otavio Freire, OpenQ's co-founder and chief technology officer. "Certain types of communications have the 'signature' of, for example, a HIPAA or other confidential violation. The signature could be based on the language of the message or shared file, characteristics of the poster or follower, or other message qualities."

SafeGuard flags each activity feed, post, and document with a green-light, yellow-light, or red-light risk-level classification, and immediately notifies customers about findings that require their attention. Discussions that pose a serious liability to the organization--a HIPAA or anti-kickback violation, for example--are marked with a red light.

[ For more background on e-prescribing tools, see 6 E-Prescribing Vendors To Watch. ]

Scenarios that are of medium risk, such as negative comments about a practice or inappropriate business language, are marked as yellow. "It is not a one-size-fits-all model, and customers can tweak the dials," said Freire.

The notification method, too, can be configured by the client. "Some prefer to go to a dashboard. Others want an alert via email or in their social business platform activity feed," Freire notes. He also points out that a large healthcare organization will have a different level of regulatory sensitivity than will a small practice. "Healthcare providers can elect to follow up and remediate in the manner they currently undertake for other violations," he said, adding, "SafeGuard offers a native integration with the Salesforce.com Service Cloud to enable companies to create an investigation case from within SafeGuard."

Derek Kosiorek, a senior consultant with the Medical Group Management Association Healthcare Consulting Group, says that SafeGuard can be a useful tool, but in his view it should not be used as a substitute for hiring the right staff to monitor a medical organization or practice's social media activity.

"Social media tends to be proactive," Kosiorek said. "A medical practice or institute should designate a limited number of employees who are knowledgeable about the proper use of social media to make posts on behalf of the organization. And these employees should take initial and regular refresher trainings on what should and shouldn't be shared via the Internet."

Otavio Freire acknowledges that while SafeGuard is designed to free companies from the need to manually review practice- or hospital-related social media activity post-by-post, it does not take the place of internal monitoring. "But it does allow medical practitioners to address much larger communities and message volumes over time," he added.

Get the new, all-digital Healthcare CIO 25 issue of InformationWeek Healthcare. It's our second annual honor roll of the health IT leaders driving healthcare's transformation. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3308
Published: 2015-09-02
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

CVE-2015-6587
Published: 2015-09-02
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

CVE-2015-6805
Published: 2015-09-02
Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.

CVE-2013-7444
Published: 2015-09-01
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

CVE-2015-2807
Published: 2015-09-01
Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.