Risk
7/3/2012
11:57 AM
Connect Directly
RSS
E-Mail
50%
50%

Healthcare Social Media: New Software Aims To Limit Risks

SafeGuard, by OpenQ, monitors medical professionals’ use of public networking platforms to make sure they don't break the law.

25 CIOs Who Are Transforming Healthcare
25 CIOs Who Are Transforming Healthcare
(click image for larger view and for slideshow)
Like many professionals, physicians have been climbing aboard the social media juggernaut. But in this brave new world of "we're all connected," medical organizations face an increased risk of running afoul of HIPAA, FDA regulations, and other laws. To mitigate this risk, OpenQ, a Charlottesville, Virginia-based company that focuses on the information technology needs of life sciences companies, has developed SafeGuard, designed to identify and address errant posts in real time.

"Think of SafeGuard as an anti-virus software," said Otavio Freire, OpenQ's co-founder and chief technology officer. "Certain types of communications have the 'signature' of, for example, a HIPAA or other confidential violation. The signature could be based on the language of the message or shared file, characteristics of the poster or follower, or other message qualities."

SafeGuard flags each activity feed, post, and document with a green-light, yellow-light, or red-light risk-level classification, and immediately notifies customers about findings that require their attention. Discussions that pose a serious liability to the organization--a HIPAA or anti-kickback violation, for example--are marked with a red light.

[ For more background on e-prescribing tools, see 6 E-Prescribing Vendors To Watch. ]

Scenarios that are of medium risk, such as negative comments about a practice or inappropriate business language, are marked as yellow. "It is not a one-size-fits-all model, and customers can tweak the dials," said Freire.

The notification method, too, can be configured by the client. "Some prefer to go to a dashboard. Others want an alert via email or in their social business platform activity feed," Freire notes. He also points out that a large healthcare organization will have a different level of regulatory sensitivity than will a small practice. "Healthcare providers can elect to follow up and remediate in the manner they currently undertake for other violations," he said, adding, "SafeGuard offers a native integration with the Salesforce.com Service Cloud to enable companies to create an investigation case from within SafeGuard."

Derek Kosiorek, a senior consultant with the Medical Group Management Association Healthcare Consulting Group, says that SafeGuard can be a useful tool, but in his view it should not be used as a substitute for hiring the right staff to monitor a medical organization or practice's social media activity.

"Social media tends to be proactive," Kosiorek said. "A medical practice or institute should designate a limited number of employees who are knowledgeable about the proper use of social media to make posts on behalf of the organization. And these employees should take initial and regular refresher trainings on what should and shouldn't be shared via the Internet."

Otavio Freire acknowledges that while SafeGuard is designed to free companies from the need to manually review practice- or hospital-related social media activity post-by-post, it does not take the place of internal monitoring. "But it does allow medical practitioners to address much larger communities and message volumes over time," he added.

Get the new, all-digital Healthcare CIO 25 issue of InformationWeek Healthcare. It's our second annual honor roll of the health IT leaders driving healthcare's transformation. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0985
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

CVE-2014-0986
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

CVE-2014-0987
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

CVE-2014-0988
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

CVE-2014-0989
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

Best of the Web
Dark Reading Radio