From The Editor | May 23, 2012

Can We Really Trust Facebook With PHI?

Ken Congdon, Editor In Chief of Health IT Outcomes

By Ken Congdon, Editor In Chief, Health IT Outcomes

Follow me on Twitter @KenOnHIT

Facebook has been in the news a lot lately and rightfully so. The company’s recent IPO was one of the most anticipated in history, but this anticipation quickly turned to disappointment when the stock fell flat. Despite its lackluster floatation, there’s no denying that Facebook is a worldwide phenomenon that has changed the way people interact. This social media staple has also provided businesses and service organizations with a new world of possibilities when it comes to communicating with their customers.

While slower on the uptake than other industries, the value of Facebook has not been lost on healthcare. In fact, many healthcare providers (more than 1,000 hospitals currently have a Facebook page) have had success using Facebook to update patients on the latest news, events, and services. In addition, many Facebook-based applications are beginning to emerge geared toward providers and patients. These apps include everything from collaborative online resources of healthcare information and education to tools that track personal health and wellness via the platform.

The possibilities of Facebook indeed seem endless in healthcare. In fact, this topic was explored in great detail in a recent #HITsm Tweet Chat hosted by HL7 Standards. During the chat, HL7 Standards asked, “What’s the next for Facebook when it comes to healthcare? PHRs? EMRs? Other public health services?” Many of the chat participants felt Facebook was well positioned to become the medium of choice for a PHR.  These industry leaders felt Facebook could succeed where Google Health failed because its user base and familiar interface would promote patient adoption. Others, myself included, thought this was a bad idea.

Why Facebook and PHI Don’t Mix

Some of the experts on the chat cited technical reasons why Facebook wasn’t a viable PHR medium (e.g. the platform lacks back-end integration much like Google Health). However, my concerns regarding Facebook as a PHR player have more to do with the company’s business model and its reputation for privacy than they do its technical shortcomings.

With the IPO, Facebook is now clearly a business. A business with a $100 billion valuation that is mostly attributed to its large population of users (more than 900 million) and the vast quantities of data it has collected on those users (i.e. demographic information, biographical information, interests, likes, dislikes, etc.). To make good on its $100 billion valuation, Facebook has to use this data for profit. A simple example of how this could work is if a golf club manufacturer paid Facebook to push a special offer to all Facebook members that listed golf as an interest or even mentioned golf on their wall posts or photo albums.

In its current model, Facebook could look to leverage PHI (protected health information) in a similar fashion (i.e. offering pharmaceutical companies the ability to identify all Facebook members with a specific illness or condition that their new drug is designed to treat). This has obvious HIPAA implications. What financial incentive would Facebook have to keep provider and patient interests at heart? Of course Facebook could choose to modify its approach and sell use of its platform directly to providers and/or patients for PHR purposes with the provision that the PHI is only to be accessed and reviewed by the patient and approved providers. This leads me to my next concern — trust.

Facebook doesn’t exactly have a stellar reputation when it comes to user privacy. The company has been infamous for putting user profile information up for grabs on Google, exposing “friends” lists, and publicizing live chats. Most recently, Australian technology blogger Nik Cubrilovic uncovered that Facebook had been constantly tracking its members, watching the web pages its users visit even after they logged out of the social media site. Facebook executives have since admitted to engaging in this activity, and a $15 billion class action lawsuit was filed against the company as a result. Does this sound like a company you want anywhere near your PHI? Not me.          

Join in on the conversation. HL7 Standards #HITsm Tweet Chats take place every Friday at 12 PM ET. For more information, visit