Healthcare Data and the (Private) Social Network

Wednesday, May 09, 2012

Danny Lieberman

959779642e6e758563e80b5d83150a9f

In his previous post I trust you to keep this private, Danny Lieberman talked about the roles that trust, security and privacy play in online healthcare interactions.

In this post, Danny talks about healthcare privacy challenges in social networks and describes how you can implement a private social network for healthcare without government privacy regulation and IT balls and chains.

Online interactions with our HMO

We have online interactions with our healthcare organizations; accessing a Web portal for medical history, scheduling visits etc. Our PHI (protected healthcare information) is hopefully well-secured by our healthcare provider under government regulation (HIPAA in the US, and the Data Protection Directive in the EU).

Albeit in the name of privacy, healthcare providers often take security to absurd extremes, witness the following anecdote:

"I tried using online medical services with my provider in Hawaii but they could not respond due to my not being in Hawaii. What good is online diagnostic services when the patient is not in his/her home state?"

Well now, I thought, that’s why Al Gore invented the Internet so that we could access healthcare services anywhere, anytime. Guess not. With our healthcare provider, we interact with the IT department. Bummer. On Facebook we interact with our friends. Compassion.

"A healthcare provider’s business model requires them to protect your health information from disclosure. This is generally interpreted as doing as little as possible to help you be healthy. Social media business models require them to maximize distribution of your content. This means that your privacy is up to you and the people you connect with."

It seems obvious to me, that privacy regulation cannot work in social media because the connectivity is so high. There is no central data center where you can install an IPS and DLP systems and implement all of HIPAA CFR 45 Appendix A administrative, physical and technical safeguards.

In that case, let’s get back to basics. We agree that privacy in our healthcare interactions is critical.

What is privacy?

pri·va·cy/ˈprīvəsē/

  1. The state or condition of being free from being observed or disturbed by other people.
  2. The state of being free from public attention.

Healthcare privacy by design

Just like you are alone with your doctor in his office,we can build a private social network where the topology of the network guarantees privacy. We describe a star topology where one doctor interacting with many patients.

We guarantee online privacy in our star topology network with 3 simple principles;

  1. Each doctor has his own private network of patients.
  2. In the private network, patients do not interact with other patients (interact as in friending, messaging etc.). We can expand the definition a bit by allowing a patient to friend another person in a caregiver role, but this is the only exception to the rule.
  3. A doctors private network does not overlap with other doctor networks, although doctors connect with each other for referrals.

This is a private network for healthcare by design.

What makes it a private social network, is the use of the same social apps we use in social media like Twitter and Facebook: friending, short messaging, status updates, groups, content sharing and commenting/liking.

A doctor uses a private social network for healthcare with the same 3 basic primitives of public social networking: Connect (or friend), Follow and Share.

"One of the things that excites me the most about private social networks for healthcare is the potential to make the information technology go away and put the focus back on the patient-physican interaction and quality of clinical care."

  • Doctors save time in interviews because patients can record events and experiences before they come in to the office.
  • Data is more accurate since patients can record critical events like falls and BP drops, in proximity to the event itself.
  • Better data makes physician decisions easier and faster.
  • Better data is good for health and easier and faster is good for business.

What a beautiful business model – compassion, care and great business!

Cross-posted from PathCareBlog

Possibly Related Articles:
5915
HIPAA
Healthcare Provider
HIPAA Privacy Compliance Social Networking Regulation Data Loss Prevention Healthcare Personally Identifiable Information online safety
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.