AHIMA advance: The impact of social media on the integrity of patient record information

Deborah Kohn

Policy makers, leaders in informatics and law and health information management professionals will explore the effects of electronic health records on the quality and usability of health information during the American Health Information Management Association’s Health Information Integrity Summit on November 8-9 in Chicago. One facet of the summit will be the role of social media and how it relates to the integrity of patient record information.

The use of social media in healthcare is now ubiquitous, and the need to understand its effect – from the integrity of patient record information to privacy and security compliance – is imperative.

If properly used and governed, social media presents opportunities for healthcare professionals and organizations to be innovative, such as adding functionality to existing business processes.  Failing to safeguard its use, however, can hurt the clinicians, patients and healthcare employees who are actively using the applications on their own devices. 

Examples of social media use in healthcare include e-patients and online communities, provider organizations that have integrated social media into their marketing efforts, clinician-to-clinician information exchange and provider-patient communications on mobile devices replacing messages broadcast from tethered computers. These uses are transforming healthcare.

Social media encompasses a wide variety of web-based software applications that allow users to collaborate and generate content, the intellectual substance of a document that includes structured data as well as unstructured data. Its capabilities include texting messages, authoring blogs and wikis, posting comments on other blogs and providing status updates and brief commentary via microblogs.   

One area that sparks concern and where very little has been published involves social media’s effect on patient record generation as well as the integrity of the patient record content. Patient records are generated when patient content is created or received in the transaction of business and maintained as evidence in pursuance of legal obligations. Legally, every tweet, blog post, blog comment, text message and wall entry uploaded and received by healthcare professionals and organizations is a piece of content that should be reviewed and managed to ensure control, decorum and, perhaps, regulatory and records compliance. The computer form factor can be mobile or tethered – for example, a published social media status update or a tweet entered using either computer form factor might not rise to the level of a record, but a protracted discussion on a particular topic or over a given period on someone’s wall or via Twitter might qualify.

When reviewing whether, for example, Facebook content is a record, healthcare authors with healthcare records managers must examine the following questions:

• Does the content contain evidence of an organization’s policies, business and mission?
• Does the social media application being used relate to an organization’s work?
• Is there is a business need for the content?
• Does the content document a transaction or decision?
• Does the content contain personal health information (PHI) or other individually identifiable health information?
• Could the content be subject to requests for disclosure, subpoena and e-discovery?

Should the Facebook content contain PHI and become a record, healthcare records managers must determine if and how the content becomes part of the patient’s record, just like email message content. In addition, social media records management must be incorporated into organizational enterprise information governance programs, similar to patient health records, email records and financial records. This includes defining social media records, establishing retention schedules, determining destruction processes, determining “legal hold” processes, establishing training and auditing processes and establishing policy updates/revision processes.  Adding new representatives to the programs, such as social media strategists and community managers who are charged with maintaining the quality of and control over the social media content, also is important.

Even if the Facebook content does not contain PHI and does not become a record, healthcare records managers with their IT counterparts must manage the content. Unfortunately, managing social media content is somewhat different from and more difficult than managing other content.  It is populist, uncontrolled and unregulated, and it does not have traditional metadata except for, perhaps, Twitter, with its handles. The good news is that most social media applications use databases and templates. This means that enterprise solutions installed inside the firewall can be managed like other databases, allowing healthcare organization personnel to, for example, consolidate their mobile devices to streamline the device for both work and personal use as well as use their devices for internal texting and collaborating in groups without fear of breaching patient or organizational privacy and information security. 

Deborah Kohn is a member of the American Health Information Management Association and Healthcare Information and Management Systems Society and principal of Dak Systems Consulting (www.daksystemsconsulting.com), a national HIT consultancy she founded in 1986.