Healthcare Information Security

Patient Privacy News

What does UCLA HIV study mean for social media privacy?

By Patrick Ouellette

- Social media is starting to be recognized as a valuable tool for predictive analytics in healthcare, but what are the potential privacy effects among users? A recent UCLA Medicine study that was published in peer-reviewed journal Preventive Medicine analyzed the potential value of using Twitter tracking patient behavior to learn more about HIV risk behaviors and potential outbreaks. While the study proved that Twitter may be a cost-effective tool to track real-time patient data, there are still patient privacy questions to be answered.

Researchers, according to UCLA.edu, collected more than 550 million tweets between May 26 and Dec. 9, 2012. The study looked into how tracking patient tweets, such as seeing where they come from and comparing that data with how HIV cases are geographically distributed,  may help avoid HIV outbreaks. “Ultimately, these methods suggest that we can use ‘big data’ from social media for remote monitoring and surveillance of HIV risk behaviors and potential outbreaks,” said Sean Young, assistant professor of family medicine at the David Geffen School of Medicine at UCLA and co-director of the Center for Digital Behavior at UCLA.

Predicting patients’ health-related behaviors and as a method for monitoring HIV risk behaviors and drug use is, by nature, a sensitive endeavor. With that in mind, there are a couple of potential privacy issues with the methodology that could be extrapolated to future use. First, researchers created an algorithm to find words and phrases in them suggesting drug use or potentially risky behaviors, such as “sex” or “get high”, and mapped them out against reported HIV cases. According to the study, 8,538 tweets indicating sexually risky behavior were captured and 1,342 suggesting stimulant drug use.

The question of accuracy (whether those terms really are precursors for HIV) aside, using data of people who don’t know their data is being collected seems to go against patient consent policy. Yes, there is inherent risk in using social media and publicizing personal details exposes people to further risk, but HIV and other STD data should be handled with extreme care, even if the data doesn’t include full patient profiles.

Next, Twitter is hardly a HIPAA compliant platform. In fact, the Rhode Island Board of Medical Licensure and Discipline (BOARD) released Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice back in October because of confusion as to what was acceptable social media behavior among providers. Though providers may not necessarily be collecting this HIV “big data”, these efforts may be inconsistent with privacy and confidentiality protection requirements for patients.

Lastly, big data in general must remain private because health information privacy is an individual’s right to control the acquisition, uses or disclosures of his or her identifiable health data. Deven McGraw, Director, Health Privacy Project at the Center for Democracy & Technology told HealthITSecurity.com last year that in working toward the goal of delivering better care at a reasonable cost, understanding how sensitive data is handled is an important piece of the puzzle.

We need to have a set of privacy and security protections that builds public trust in the way healthcare organizations use data, but also facilitate the uses of the data we know we need in order to change the healthcare system. Patients are harmed when data aren’t used in beneficial ways in the same way they would be harmed if the data were used inappropriately. So we’re trying to use data for good purposes but make sure that good doesn’t damage public trust.

There is little doubt that study demonstrates the viability of real-time social networking to identify and map HIV risk-related communications and link them to national HIV data. However, that doesn’t mean there aren’t questions to be answered for unknowing patients whose data is being used.

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks