How to improve security and privacy so patients can use social media in hospitals

NHS lockdown. Jason A. Howie, CC BY

As a non-profit organisation, the NHS should follow the same principles behind open-source: sharing knowledge and standardising procedures to help all the patients. And in the same way that the software industry benefits from sharing source code with the public – fostering a community of users and developers, recruiting free testers – the NHS and private medical companies could also benefit from sharing their knowledge.

The NHS is already good at sharing anonymised information about care across all parts of the service. For example, open-source systems such as Mirth Connect and VistA have already been used to handle electronic health records.

But sharing becomes more tricky on an individual level. This is because patient medical records are deemed too sensitive to share beyond a select circle of doctors and family members. Anonymised data such as date of birth, full postcode, NHS number and gender could reveal the identity of a patient if someone could corroborate any part of the data linked to the names provided by a third-party service.

Records are shared between NHS divisions but plans to take it wider have been fraught with difficulty.

Patients sharing

But what if patients want to share pictures, messages and information themselves. Smart phones and wifi are currently banned in most hospitals because they make it too easy to take photos and share with people on social networks. However, there is a growing use of social networks such as Facebook to find health information and it is likely to increase patients’ use of devices in wards. But some locations in the hospital have higher privacy risks. For example, when it comes to social media sharing, most people wouldn’t like to find pictures of them lying ill in a bed posted on Facebook by a fellow patient they don’t know.

Of course, we love smart phones and for many good reasons. And with open-source software it’s possible to address the trade-off between the right to privacy and the social benefit that social media could have. Adaptive sharing, an assisting tool that we’re developing which helps patients adjust the size of their friend circles can bring more confidence in sharing sensitive information, for example. If you have less trust in how someone has shared your sensitive information in the past, you can exclude the person from your circle. But you can enlarge the circle as well so that information reaches the right audience.

Open-source software such as ownCloud can give you full control of your data. It can also tighten access controls with stricter security policy to protect the privacy of patients in a hospital. Similar to popular cloud solutions like Dropbox, ownCloud is a file-sharing service that offers multiple clients on varying devices. You can put electronic files in one place and open them on any desktop computer or mobile device. Because the source code is public, any developer has a chance to strengthen security controls, which you can’t do with closed source.

Security policies for sharing data are different if you’re on a hospital ward or at home. At the Open University we’re exploring an adaptive solution to enhance the overall security controls of ownCloud for patients. The aim is to make it easier for the NHS to accept patients’ use of their devices in more controlled situations.