Risk
7/3/2012
11:57 AM
Connect Directly
RSS
E-Mail
50%
50%

Healthcare Social Media: New Software Aims To Limit Risks

SafeGuard, by OpenQ, monitors medical professionals’ use of public networking platforms to make sure they don't break the law.

25 CIOs Who Are Transforming Healthcare
25 CIOs Who Are Transforming Healthcare
(click image for larger view and for slideshow)
Like many professionals, physicians have been climbing aboard the social media juggernaut. But in this brave new world of "we're all connected," medical organizations face an increased risk of running afoul of HIPAA, FDA regulations, and other laws. To mitigate this risk, OpenQ, a Charlottesville, Virginia-based company that focuses on the information technology needs of life sciences companies, has developed SafeGuard, designed to identify and address errant posts in real time.

"Think of SafeGuard as an anti-virus software," said Otavio Freire, OpenQ's co-founder and chief technology officer. "Certain types of communications have the 'signature' of, for example, a HIPAA or other confidential violation. The signature could be based on the language of the message or shared file, characteristics of the poster or follower, or other message qualities."

SafeGuard flags each activity feed, post, and document with a green-light, yellow-light, or red-light risk-level classification, and immediately notifies customers about findings that require their attention. Discussions that pose a serious liability to the organization--a HIPAA or anti-kickback violation, for example--are marked with a red light.

[ For more background on e-prescribing tools, see 6 E-Prescribing Vendors To Watch. ]

Scenarios that are of medium risk, such as negative comments about a practice or inappropriate business language, are marked as yellow. "It is not a one-size-fits-all model, and customers can tweak the dials," said Freire.

The notification method, too, can be configured by the client. "Some prefer to go to a dashboard. Others want an alert via email or in their social business platform activity feed," Freire notes. He also points out that a large healthcare organization will have a different level of regulatory sensitivity than will a small practice. "Healthcare providers can elect to follow up and remediate in the manner they currently undertake for other violations," he said, adding, "SafeGuard offers a native integration with the Salesforce.com Service Cloud to enable companies to create an investigation case from within SafeGuard."

Derek Kosiorek, a senior consultant with the Medical Group Management Association Healthcare Consulting Group, says that SafeGuard can be a useful tool, but in his view it should not be used as a substitute for hiring the right staff to monitor a medical organization or practice's social media activity.

"Social media tends to be proactive," Kosiorek said. "A medical practice or institute should designate a limited number of employees who are knowledgeable about the proper use of social media to make posts on behalf of the organization. And these employees should take initial and regular refresher trainings on what should and shouldn't be shared via the Internet."

Otavio Freire acknowledges that while SafeGuard is designed to free companies from the need to manually review practice- or hospital-related social media activity post-by-post, it does not take the place of internal monitoring. "But it does allow medical practitioners to address much larger communities and message volumes over time," he added.

Get the new, all-digital Healthcare CIO 25 issue of InformationWeek Healthcare. It's our second annual honor roll of the health IT leaders driving healthcare's transformation. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-3071
Published: 2014-07-26
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.

CVE-2014-3301
Published: 2014-07-26
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.

CVE-2014-3305
Published: 2014-07-26
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.

CVE-2014-3324
Published: 2014-07-26
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.