
Court Case That Could Impact Healthcare Social Media in a Big Way

There is some interesting litigation on the dockets that could have far-reaching implications for healthcare social media and the future of healthcare public websites. A class action lawsuit was filed against Facebook and various healthcare organizations, including American Cancer Society, Adventist Health System, BJC HealthCare, and the Cleveland Clinic. The suit claims that PHI was exchanged between Facebook and these healthcare providers without patient consent by way of the code embedded in the websites' social sharing features.

But what does this mean? Essentially, the issue at play here pertains to instances where a website visitor clicks a link or icon on a healthcare website to share that information with others or simply to like an article. Because of code embedded in some of these functions, this information is then transmitted to Facebook, which can then use it to identify the individual for marketing purposes.

Potentially Far Reaching Impact

In addition to the more obvious social media implications, it is possible that this pending litigation could also impact the way we use IP addresses for personalization on healthcare websites. Because website personalization is growing in popularity, when we work with a healthcare client on creating public websites, it has become common practice to build patient privacy considerations into these experiences. As the healthcare industry flattens, we've had instances where these patient privacy considerations need to be applied internationally as well. This is important because IP address is considered PHI under HIPAA. As such, how that PHI is defined and applied in this particular lawsuit could have some pretty far-reaching implications.

What Do You Do in the Meanwhile?

How can you safeguard your organization until more explicit direction is handed down by the courts? There are a few things to consider:
  • The first is to understand how your public website(s) use social sharing features and limit the specific code that sends information to Facebook (at least until we gain more clarity from this case law).
  • Have your legal team look into updating your website's privacy policy to create additional safeguards.
  • Consider instituting a required consent feature into these social sharing functions. A good model here can be found in public websites in the European Union. The EU currently has the most restrictive laws when it comes to requiring consent for storing cookies and other digital fingerprinting tactics used in web personalization. As such, organizations have created ways to incorporate these consent features into websites while being as unintrusive to the user experience as possible. Check out how global brands, like McDonald's and Coca-Cola, have incorporated consent into their web experience in, say, France or the UK. (Added bonus: While you are there you can also see some interesting examples of how what we consider to be iconic branding has been altered to fit within the ethos of other countries and cultures.)
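
One way to combine the first and third suggestions above, shown as an added example that is not code from the original post or from any of the sites it mentions: the share control is a plain link, and the Facebook SDK script is injected only after the visitor has opted in. The names `createConsentGate`, `shareLink` and `CONSENT_KEY` are hypothetical; `doc` and `store` stand for the browser's `document` and `localStorage`.

```javascript
// Added example (hypothetical names): consent-gated social sharing.
const FB_SDK_URL = "https://connect.facebook.net/en_US/sdk.js";
const CONSENT_KEY = "social_widget_consent"; // assumed storage key

// Plain share link: no third-party script on the page, so nothing is
// sent to Facebook until the visitor actually clicks the link.
function shareLink(pageUrl) {
  return "https://www.facebook.com/sharer/sharer.php?u=" +
    encodeURIComponent(pageUrl);
}

// doc:   a Document (needs createElement and head.appendChild)
// store: a localStorage-like object (getItem / setItem / removeItem)
function createConsentGate(doc, store) {
  let loaded = false;

  const hasConsent = () => store.getItem(CONSENT_KEY) === "granted";

  // Inject the third-party script at most once per page view.
  function loadSdk() {
    if (loaded) return false;
    const script = doc.createElement("script");
    script.src = FB_SDK_URL;
    script.async = true;
    doc.head.appendChild(script);
    loaded = true;
    return true;
  }

  return {
    hasConsent,
    // Call on page load: loads the widget only if the visitor opted in
    // on an earlier visit. Returns true when the script was injected.
    init: () => (hasConsent() ? loadSdk() : false),
    // Call from the "Enable Facebook sharing" button handler.
    grant: () => {
      store.setItem(CONSENT_KEY, "granted");
      return loadSdk();
    },
    // Call from a "withdraw consent" control. The script already on the
    // page stays until reload; later page views will not load it.
    revoke: () => store.removeItem(CONSENT_KEY),
  };
}
```

In a browser this would be wired up as `createConsentGate(document, localStorage)`, with `init()` called on page load and `grant()` called from the opt-in button.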

It will be interesting to see the results of this case. It could be that Facebook will need to prompt the user with a consent form and then keep that consent on file, since Facebook is the one essentially re-identifying patient identity from their IP address. Perhaps it becomes a more blanket consent form presented at the time a user signs up to use their site. Until then, keep an eye on how your organization implements social sharing features.


Melody Smith Jones
