- Two healthcare leaders are calling for greater transparency and stronger laws that outline the data collection practices of social media platforms.
In Applied Clinical Informatics, Carolyn Petersen, Mayo Clinic Global Business Solutions Senior Editor, and Christoph Mehmann, MD, Professor for Biomedical Informatics and Pediatrics at Vanderbilt University outlined the privacy issues highlighted by the Facebook data scandal and the potential impact on social media in healthcare.
The Facebook scandal is the ultimate example of privacy practices gone wrong. The company is still facing legal action by the Federal Trade Commission and has been fined by other governments for several data breaches and scraping the data of 2.2 billion users in violation of a 2011 user privacy decree.
“The recent revelations about Facebook’s handling of user information have confirmed suspicions that an industry offering its services for free to users most likely has already turned its user base into the marketed product or is about to do so,” the authors wrote.
“More importantly, such revelations leave individuals who use social media feeling betrayed, bereft, violated, and concerned about how to safely and appropriately use social media to support health-related goals and build community,” they added.
The trouble is that the digital health movement touted social media as a collaboration between patients, caregivers, and other health stakeholders, the authors explained.
The platforms connect individuals to health information, along with an anonymous space for people to explore health concerns without stigma, they explained. Social media also helps patients and their families crowdfund medical treatments and the like.
However, despite these benefits, the “platforms frequently fail to take into account the unique needs of this population, which can create special challenges and additional work for healthcare practitioners and may require focused efforts to overcome real and potential privacy abuses,” the authors wrote.
Facebook worsened its position in terms of privacy when it covertly sought deals with healthcare organizations to share patient data. The authors explained that while that data could help provide insight to caregivers, the creation of enhanced patient profiles presents an opportunity for illegal data sharing.
But the authors noted that even without Facebook, social media platforms will remain. As a result, lawmakers and industry stakeholders must get ahead of the situation by mandating full transparency and incentivizing the development of user-friendly platforms.
These companies must provide comprehensive user education while establishing user-friendly business models and policies, the authors added. The proposed law would ensure these platforms clearly state data collection, use, and sharing policies, which will promote accountability for social media companies.
“A comprehensive privacy protection system for the United States would include a ‘Right to be Forgotten,’ as well as regulation and oversight of data collection, analysis, and sharing practices,” the authors wrote. “Social media companies that use security practices to shield themselves from the exposure of their privacy-violating practices, are vigorously fighting these initiatives.”
“With the passage of legislation prohibiting deceptive practices and the establishment of patient/consumer education campaigns … patients will be in a position to use social media for their benefit, rather than primarily for the gain of profit-focused platforms,” they added.
In the US, especially in healthcare, there’s been a massive push for consumer privacy rights. In November, AMIA called for a federal alignment of health data privacy policies, including making consumer-centricity a prerequisite condition.
Just this month, AHIMA and AMIA called on Capitol Hill members to upgrade HIPAA to support a patient’s right to access their own data. Meanwhile, The Center for Democracy & Technology proposed a bill centered around a consumer’s right to understanding where their data is located and reasonable data access.