FEATURE


Social networking in healthcare – security and privacy implications


Alberto Tinazzi, IT Security Consultant, eHealth Security Services, atinazzi@ehealthsecurity.com.au


The Internet is in constant evolution and while most users find this exciting, it also introduces a series of new threats and a range of new opportunities for cyber criminals. New technologies such as social networking tools are rapidly growing in popularity, including amongst healthcare professionals.

A growing number of organisations have jumped on the social networking bandwagon as a means to extend the reach of their business. Tools like Facebook, Twitter, LinkedIn and MySpace, and many other blogging sites, are an excellent way to promote products and services and keep in touch with customers, or patients in the case of the health sector. However, social networking tools could also pose some serious security threats to businesses if not used wisely.

According to a study conducted by Medical Observer in 2010, 79% of Australian doctors use Facebook. Most of them use social networking tools for social purposes, but there is a growing number of doctors who use social networks to provide healthy lifestyle advice and education to patients.[1]

Some doctors may find themselves in an awkward situation when their patients add them as ‘friends’ on Facebook and wish to discuss their medical issues. Health professionals need to be aware of the professional and legal issues introduced by using social media to interact with their patients.

Another problem related to the use of social networking tools, from a security point of view, is the leakage of confidential information. Staff discussing work-related issues on social networking sites may inadvertently disclose confidential information about the business, a competitor, a customer or patient, or may make inappropriate comments which may be a cause of embarrassment to their employer.

Employees need to be extremely careful not to accidentally post sensitive information on public websites, forums and blogs. Even publishing non-sensitive information may have a considerable impact on security. In fact, any personal information posted may be used by cyber-criminals to develop a detailed profile of the employee and help them to build a trusting relationship with their victims for malicious purposes.

An individual may be able to discover sensitive information by deduction from non-sensitive information published on a blog, for example. This phenomenon is known as ‘inference’. Similarly, two or more pieces of non-sensitive information may increase their sensitivity when they are put together. This phenomenon is known as ‘aggregation’ and is very common on blogs and online forums, where multiple individuals discuss a common topic.

It is very difficult to prevent inference and aggregation, as individuals can access a great volume of information from multiple sources over a long period of time and then correlate all the gathered data. Healthcare workers should be trained in, and aware of, the risks posed by aggregation and inference.

A review of 271 medical blogs carried out by the University of Pennsylvania revealed that 56.8% of blog authors provided sufficient information to reveal their own identity and in 42.1% of these blogs individual patients were described. 16.6% of the blogs contained enough information for patients to identify their doctors or themselves.[2]

There have been cases in Australia of doctors making inappropriate statements or discussing confidential information on social networking media. Doctors need to be very careful when posting comments or other information on the Internet as it can more than likely become very public very quickly, potentially having serious consequences on their reputation and career.[3]

The Australian Medical Association in collaboration with three other peak medical bodies has developed

Alberto Tinazzi is a Certified Information Systems Security Professional (CISSP). He works as an independent information security consultant specialised in the healthcare sector. He has 16 years' experience as an IT professional, specialised in information management and security. He has spent the last 10 years working within the health sector covering a number of different roles within the Division of General Practice Network.

40 Pulse+IT


www.pulseitmagazine.com.au

