By Fred Touchette

Technology has presented a wealth of opportunity for the healthcare industry, but with technology advancements come associated challenges, frequently rooted in IT security risks. With federal government regulations mandating the security and privacy of patient data, there is little room for mishaps.

Today, as the use of mobile devices like iPhones and BlackBerrys increases on the job, so does easy access to social networking sites, such as Twitter, Facebook and LinkedIn. As a result of this easy access, hospital staff may unknowingly subject the hospital network to a variety of web-based threats, including malware, viruses, Trojans and worms.

What’s worse, a new device made available to help hospitals enhance patient tracking and medicine/drug administration, is likely operating on the same network as that of mobile devices carried around by hospital staff, thus putting patients’ care and their records at risk. Mobile device and social networking usage at work, without appropriate security policy and enforcement measures in place, can open the network to an array of potentially damaging security situations.

It’s no mystery why social networking sites are popular targets for cyber criminals. With so much personal information readily available, it’s a treasure chest for cyber criminals to obtain someone’s personal information – such as their birthday, town of residence, spouse’s name – and use these details to dupe them. The unsuspecting victim could receive tailored communication from the cybercriminal, commonly in the form of an e-mail, which is personalized to such a high degree that the recipient is fooled into believing the message was sent by a trusted source and is really meant just for him or her.

In this common scenario, hospital staff might not recognize the scam and could click on what appears to be a harmless link, e-mail or website. By clicking the link, it can infect their computer or mobile device and continue to spread the poison through the organization’s network. It’s little surprise that the effects can be costly.

Unfortunately, there are no easy answers to the technical and policy issues surrounding social networking in the workforce. Healthcare organizations today must balance employee and patient needs against technical risks and regulatory mandates when determining how to and when to utilize this technology.

But by taking a deeper look at the social networking phenomenon and how it is utilized in both a professional and personal capacity, both employees and patients can better understand the benefits and risks associated with using social networks.

Here are the top tips for healthcare compliance professionals to keep in mind when working to ensure the appropriate security precautions are in place for staff members that utilize social networking sites.

Understand the definition of “social networking.” Although a good first step, it’s not enough to say you have a social networking policy in place. You need to ensure that all staff members understand the definition of social networking and how it applies to Facebook, MySpace, Twitter, SMS and MMS texting and other popular technologies. This comprehension of social networking is key because it will help to enhance the security of the hospital network, especially as more doctors and staff members utilize mobile devices to take notes or access patient information on the go.

Examine the ways social networking coexists within the healthcare arena today. There are some clear benefits to utilizing various forms of social networking within the healthcare industry, especially when it comes to efficient note taking. Sometimes, sharing information with other doctors via SMS or MMS texting is an efficient way to access a “brain trust,” of sorts to diagnose a patient in a faster timeframe. These mobile devices, however, should be managed as part of the social networking policy to be certain that they do not include stored personal information about the doctor or hospital. This will be important to ensure compliance with HIPAA regulations.

Identify the risks and benefits of utilizing social networking technology within the healthcare industry. Similar to the definition of social networking, the risks and benefits should be clearly stated and explained for all hospital staff. Additionally, by highlighting the link between the technology and regulatory environment, you can help your organization remain compliant with HIPAA, among other federal regulations.

Share real-world examples. At the next company-wide meeting, or through various forms of information-share at the hospital, highlight examples of how easy it is to misuse social networking. It will be important to emphasize the consequences associated with the misuse of social networking, some of which can come in the form of significant fines or potential termination, to name a few.

As any good doctor would say, “prevention is always the best medicine.” A healthcare organization can maintain sound security by developing – and following – a comprehensive set of policies and using appropriate solutions when possible.

Research has shown that IT security is considerably underfunded within the healthcare industry, yet many new security regulations are now required. The benefits of establishing a social networking policy, along with providing key information to enhance employee education, can be used to establish a safe and effective use of social networking technologies within the healthcare organization, while ensuring the security of the hospital network as a whole.

Fred Touchette is senior security analyst at AppRiver. For more information on AppRiver: www.appriver.com.