My current presentation covering risk management. employee access and the use of Social Media by Healthcare professionals

1. Healthcare, Social Media and
Risk Management
Ed Bennett
University of Maryland Medical System

2. Themes for today:
My Background
Current Realities of Social Media
Perceived Risks vs. Actual Risks
Framing the Social Media decision
Opening Access at UMMC

3. Page  3
My Background
Pre-1980
Juggler & Street Performer
Core Web Management Skills

4. My Background
Pre-1980
Juggler & Street Performer
1980 - 1994
Microfilm Technician, Software
Trainer
http://www.flickr.com/photos/zigazou76/6310027720/

5. Page  5
My Background
Pre-1980
Juggler & Street Performer
1980 - 1994
Microfilm Technician, Software
Trainer
1994 - 1999
Web Consultant

6. Page  6
My Background
1999 - Now
University of Maryland
Medical System
All Things Web
Technical Infrastructure
Content Development
Application Development
Web Marketing Strategy
Analytics / Mobile / SEO / Video
Social Media

7. Page  7

9. Current Realities of Social Media
• It’s not going away
• It will replace email
(and that's good)
• Smart phones = constant access
• Preferred tool for many users

10. Current Realities of Social Media
Primary Reasons for Visiting Professional
Online Networks
• Access to thought leadership
• Showcase myself or company
• Keep track of peers/colleagues
• Brand tracking/management
• Research business decisions
• Improve reliability of information
• Inform the development of strategy
• Increase speed of collaboration with customers & employees
• Accelerate decision-making processes through peer input
• Reduce travel costs
- Society for New Communications Research study

11. Patient Expectations
When it comes to Social Media:
• They trust healthcare providers
• They are influenced by our messages
• They want us to respond
• They want support afterwards
Source: PwC HRI Social Media Consumer Survey, 2012

12. Consumers are more likely to share social media
information from healthcare providers
Doctor Hospital
Health Insurer Drug Company
Source: PwC HRI Social Media Consumer Survey, 2012
N = 1,060

13. Consumers value information and services that make
healthcare easier to manage
Source: PwC HRI Social Media Consumer Survey, 2012
N = 1,060
Percentage of respondents finding value in services
offered by healthcare providers in social media

14. HIPAA & privacy violations
IT security
Loss of message control
Employee productivity
Perceived Risks of Social Media

15. B I N G O
Productivity Privacy
Not
Professional
Bandwidth
IT
Rules
Security HIPAA Reputation
No
Rules
Viruses
Liability Time Waster
Staff
Morale
Risky
Hackers Lawsuits For Kids Costly
Data
Loss
No
Control
Malware Scary
HR
Policy
Patient
Safety
Web
Blocking
Bingo!

16. 1. Staff can access social media on personal devices.
2. Access is a management decision, not just one by IT or HR.
3. Create social media polices and guidelines, then enforce them.
4. Provide training about social media risks and opportunities.
5. Social media sites are web sites, so virus and malware risks are
similar and can be managed.
6. Even if you block social media, staff can and will visit other sites.
7. Educate users about managing security risks (e.g., creating
passwords, recognizing suspicious emails, messages, links, etc.)
Answers to Common Objections

17. 1. Staff can access Social Media on personal devices
2. Access is a management decision, not just one by IT or HR.
3. Create social media polices and guidelines, then enforce them.
4. Provide training about social media risks and opportunities.
5. Social media sites are web sites, so virus and malware risks are
similar and can be managed.
6. Even if you block social media, staff can and will visit other sites.
7. Educate users about managing security risks (e.g., creating
passwords, recognizing suspicious emails, messages, links, etc.)
B I N G O
Productivity
Not
Professional
Reputation Time Waster
No
Control

18. 1. Staff can access Social Media on personal devices.
2. Access is a management decision, not just one by IT or HR.
3. Create social media polices and guidelines, then enforce them.
4. Provide training about social media risks and opportunities.
5. Social media sites are web sites, so virus and malware risks are
similar and can be managed.
6. Even if you block social media, staff can and will visit other sites.
7. Educate users about managing security risks (e.g., creating
passwords, recognizing suspicious emails, messages, links, etc.)
B I N G O
Privacy HIPAA Liability Lawsuits Data Loss

19. 1. Staff can already access web on personal devices during work
day.
2. Access is a management decision, not just one by IT or HR.
3. Create social media polices and guidelines, then enforce them.
4. Provide training about social media risks and opportunities.
5. Social media sites are web sites, so virus and malware risks are
similar and can be managed.
6. Even if you block social media, staff can and will visit other sites.
7. Educate users about managing security risks (e.g., creating
passwords, recognizing suspicious emails, messages, links, etc.)
B I N G O
IT Rules Hackers
Malware
Viruses
Security Bandwidth

20. Real Risks of avoiding Social Media
• Web adoption lessons from 1998-2001
• Not meeting employee / patient expectations
• Loss of visibility

21. Employee Expectations

22. Employee Expectations

23. Patient Expectations
“You trust your staff with my life, but
think they can’t handle Facebook?”
“You cut off my support network when
I needed it the most”
Patient responses to UMMC blocking Social Media

24. Social Media
Risk Management
=
Employee
Management

25. Social Media Policy Basics
 Social Media sites are not HIPAA
controlled services
 But staff must follow existing rules:
 Patient Privacy
 HIPAA
 Behavior Standards
 Official policies and procedures limit
liability

26. Staff Policies and Guidelines
“No hospital has been sued for HIPAA
violations on social media. Some employees
have been in violation but all issues have been
resolved through HR means.”
David Harlow, JD MPH
Principal, The Harlow Group

27. A 12-Word Social Media Policy
Don’t Lie, Don’t Pry
Don’t Cheat, Can’t Delete
Don’t Steal, Don’t Reveal
Farris Timimi, M.D.
Medical Director
Mayo Clinic
Center for Social Media

28. Social Media Policy and Employee Guidance
 First and Foremost, Respect the Privacy of our Patients
 Live the Ministry Promise and Values When Online
 Be a Productive, High-Performing Workforce Member
 Realize That Social Media Posts are NOT Private
 Don’t Jeopardize Your Reputation and/or Future Employment
Opportunities
By Will Weider, CIO of Ministry Health Care

29. Education and Best Practices
Require annual training for all staff
Provide tools for managers
Packaged presentations
Videos
FAQ’s
Encourage discussion
Acknowledge gray areas

30. Staff Education
http://www.youtube.com/watch?v=44txjIgnOzU

31. Education and Best Practices

32. Monitoring

33. Opening Access at UMMC

35. Opening Access at UMMC
Websense in place since 2004
 Blocked Facebook
 Most Blogging platforms
 Broke many non-social media sites
 Blocked patient education / professional
resources

36. Opening Access at UMMC
Why Change?
 Patient Satisfaction – #1 Driver
 Respect for Hospital Staff
 Lessons learned from the first Web cycle
 Opportunity to reach & build communities

37. Opening Access at UMMC
The Process – all of 2010
 Driven by our CEO
 Lots of meetings and memos with
 Legal / Compliance / IT / HR
 Clinical Leadership
 Policies and staff guidelines
 Education and training

38. One Year Later…
Opened access on January 1, 2011 !

39. Opening Access at UMMC
Results
 A “No Drama” launch
 Decreased patient complaints
 Increased employee awareness
 Social media = business as usual

40. Open access = new services
Examples from UMMC:
 Patient support groups on Facebook
 Department groups on Facebook
 Fundraising

41. Patient Support Groups on Facebook
 Liver Transplant
 Digestive Diseases
Launched in March 2011
Between 50 and 75 members each
 Hepatitis C
 Trauma Survivors

42. Patient Support Group

43.  Outgrowth of traditional IRL groups
 Managed by the same group leader
 Mix of closed & secret groups
 Posts are private to the group
Set up & sanctioned by the
UMMC Communications Department
Patient Support Groups on Facebook

44. Shock Trauma EMS Office

45. Dozer the Dog

46. Fundraising

47.  Huge media
relations effort
 New Fundraising
Website
 Video production
 Facebook, Twitter,
YouTube and Blogs
 Monitoring
 Hundreds of blog posts, tweets and shares
 Local / national / international media coverage
 Over 500,000 YouTube views
 $30,000 raised from 700 donors
The Sum:
The Parts:

48. Resources:
The Mayo Clinic Center for Social Media
http://socialmedia.mayoclinic.org
HIMSS White Paper
Social Media in Healthcare: Privacy and Security Considerations
http://hcsm.me/10QkEzS
Bryan Vartabedian, MD - Pediatric Gastroenterologist at Texas
Children's Hospital/Baylor College of Medicine
http://33charts.com
Price Waterhouse Coopers
Social Media “Likes” Healthcare
http://hcsm.me/pwchealth

49. Thank You
Ed Bennett
Director,
Web & Communications Technology
University of Maryland Medical System
410-328-0771
ebennett@umm.edu / ed@ebennett.org
umm.edu / ebennett.org
Twitter: @edbennett
www.ummsfoundation.org/dozer