Friday, December 9, 2011

HIPAA Dangers Lurk on Facebook; Ongoing Policy Revisions Are Advised | AIS Health

This is a well-written article.  It identifies an ongoing issue that all organizations, not just those in healthcare, struggle with on a daily basis.  How do we empower our employees, yet maintain control over social media to protect the private information for which we are responsible?

I support the premise of policies for employees, as many do not take the time to think beyond the moment to consider the consequences of their actions.  Many postings, as the article points out, are innocently placed.  Most people do not realize that enterprising people can take these separate pieces of information and place them together.  In the wrong hands, that information is sold to the highest bidder.

The article points out: “There are people who have grown up having everything posted on Facebook, and having no privacy,” Drummond says. “They are posting more” with little thought to the potential impact.

The solution is not to single out any specific social media forum, but rather to invest in education for all workers.  Many simply are ignorant of the consequences.  At the organizational level, the education becomes part of a Written Information Security Program (WISP) plan.

Think of a WISP plan as a fire drill for data breaches.  It is not a static, shelf-sitting, dust-collecting binder.  A working WISP plan is reviewed annually or at any change in business or organizational process.  A WISP plan provides the foundation for a secure environment.  There is no one perfect solution.  Any plan that incorporates humans has the potential to break down.  In the event of a breach, there are well-documented procedures that will mitigate damages and help create a defensible position for the regulators that are sure to be involved.

Dolvin Consulting works with industry experts Cyber Security Auditors and Administrators (CSA2) to help companies of all sizes manage the risk associated with private information.  Those companies are typically concerned with the threat of lawsuits related to the loss of personal information as well as the loss of their customer base due to the degradation of their reputation.

We cannot promise you that you will never have any problems, but we will do our best to understand your challenges and help you create a working WISP plan that matches your risk quotient.   Contact us today to see how we can help you manage your risk.

