"Think of SafeGuard as an anti-virus software," said Otavio Freire, OpenQ's co-founder and chief technology officer. "Certain types of communications have the 'signature' of, for example, a HIPAA or other confidential violation. The signature could be based on the language of the message or shared file, characteristics of the poster or follower, or other message qualities."
SafeGuard flags each activity feed, post, and document with a green-light, yellow-light, or red-light risk-level classification, and immediately notifies customers about findings that require their attention. Discussions that pose a serious liability to the organization--a HIPAA or anti-kickback violation, for example--are marked with a red light.
[ For more background on e-prescribing tools, see 6 E-Prescribing Vendors To Watch. ]
Scenarios that are of medium risk, such as negative comments about a practice or inappropriate business language, are marked as yellow. "It is not a one-size-fits-all model, and customers can tweak the dials," said Freire.
The notification method, too, can be configured by the client. "Some prefer to go to a dashboard. Others want an alert via email or in their social business platform activity feed," Freire notes. He also points out that a large healthcare organization will have a different level of regulatory sensitivity than will a small practice. "Healthcare providers can elect to follow up and remediate in the manner they currently undertake for other violations," he said, adding, "SafeGuard offers a native integration with the Salesforce.com Service Cloud to enable companies to create an investigation case from within SafeGuard."
Derek Kosiorek, a senior consultant with the Medical Group Management Association Healthcare Consulting Group, says that SafeGuard can be a useful tool, but in his view it should not be used as a substitute for hiring the right staff to monitor a medical organization or practice's social media activity.
"Social media tends to be proactive," Kosiorek said. "A medical practice or institute should designate a limited number of employees who are knowledgeable about the proper use of social media to make posts on behalf of the organization. And these employees should take initial and regular refresher trainings on what should and shouldn't be shared via the Internet."
Otavio Freire acknowledges that while SafeGuard is designed to free companies from the need to manually review practice- or hospital-related social media activity post-by-post, it does not take the place of internal monitoring. "But it does allow medical practitioners to address much larger communities and message volumes over time," he added.
Get the new, all-digital Healthcare CIO 25 issue of InformationWeek Healthcare. It's our second annual honor roll of the health IT leaders driving healthcare's transformation. (Free registration required.)