Frankly, we need help.
Thousands of patient groups have trusted Facebook and are still unaware of the privacy concerns there. Sometimes these patient communities are associated with small non-profit organizations that are under-funded and typically manned by “mission” personnel. The type of people who become inner-city school teachers, etc etc. The leaders and staff of these small non-profits and the group administrators of these groups frequently work separate full time jobs, even as they work a full time amount in their respective communities.
These people do what they do because they “must” and burn out is already a huge problem in this community. But for patients, these non-profits and online communities are a lifeline.
In many cases, Facebook was a huge force-multiplier for these people. Using Facebook they could communicate with hundreds of people at the same time in the same hour that previously took a one-on-one phone call. They use Facebook for fund raising, to plan events and run the calendar. In some cases they have abandoned having separate websites in favor of just using Facebook, which allows them to reach and extend their community. For them, Facebook fulfilled the promise of the “Open Web” and is the central IT resource at their organization.
Now imagine hearing that Facebook has been sharing the private details of their communities health information, and providing that to both foreign hackers, local zealots and crooked advertisers. Then imagine how they must feel when we tell them that their Facebook presence has been instrumental to Facebook’s ability to do this. We have had this conversation a few times now and it rarely goes well.
We need to have IT professionals help with migrating organizations off Facebook, or to work to ensure that their Facebook presence is not hurting patients. Preferrably these IT professionals should have experience working within the resource constrained world of clinical non-profits.
We need cybersecurity professionals who can work with clinical non-profits who offer patient resources online to help ensure that those resources are secure. We are developing methods and tools to help migrate patient communities on Facebook to more secure environments. And we have some best practices that we already understand ahead of these tools becoming available. The non-profits who we contact will need help implementing any of this and will need cybersecurity consulting for a year or so after this. Preferably this should be a local resource so that they can develop a trust relationship.
If you work with a clinical non-profit with resources to solve your own problems (i.e. funded foundations or hospitals, etc), then please consider offering to help non-profits with less resources.