Tobias Hartz*, Institute of Medical Biostatistics, Epidemiology and Informatics, Mainz, Germany Holger Storf, Institute of Medical Biostatistics, Epidemiology and Informatics, Mainz, Germany Anke Hollinderbäumer*, Institute of Medical Biostatistics, Epidemiology and Informatics, Mainz, Germany Freya Trautmann, Institute of Medical Biostatistics, Epidemiology and Informatics, Mainz, Germany Florian Walter, Institute of Medical Biostatistics, Epidemiology and Informatics, Mainz, Germany Frank Ãœckert, Institute of Medical Biostatistics, Epidemiology and Informatics, Mainz, Germany Track: Research Presentation Topic: Ethical & legal issues, confidentiality and privacy Presentation Type: Rapid-Fire Presentation Submission Type: Single Presentation Building: Sol Principe Room: C - Almudaina Date: 2014-10-10 09:45 AM – 10:30 AM Last modified: 2014-09-10

If you are the presenter of this abstract (or if you cite this abstract in a talk or on a poster), please show the QR code in your slide or poster (QR code contains this URL).

Background: Online social network sites are mediated public topologies which allow users to create online profiles and develop online communities with common interests and activities. With over 1.3 billion users, Facebook is today’s largest and most successful social network. According to a survey by the National Research Corporation, patients are also using Facebook for health information. Despite of privacy concerns some patients share their experiences, connect with each other and organize themselves in groups. In a former project we implemented a Python script which programmatically employed the Facebook graph API to search Facebook’s content for chosen diseases and aggregated data. With this proof-of-concept approach we could show that potential patients can easily be identified. In some cases it was not even the patient itself who revealed the information. The friendship to a certain health care provider, friendships to a certain friend cluster (other patients) or memberships of specific groups can suggest, that a user has a certain disease.
Objective: The aim of this study is to evaluate the risk to reveal personal disease related information in different use cases and to describe concrete measures and recommendations how the risk can be lowered or hindered in each case. Method: Analyzing our results of our proof-of-concept approach we identified 36 different types of behavior (e.g. befriending, posting, pressing like-button) under specific settings which may lead to an identification of certain patients. For each identified behavior (use case) we performed a risk analysis using the risk reporting matrix which we adapted slightly. Our matrix describes easiness of accessibility of Facebook data to the likelihood of correct identification of a patient based on this data each on a score from 1 to 5. Corresponding to the known method we differentiated three risk levels: high, moderate, and low. For each use case which might lead to moderate or high risk we came up with concrete measures how users can protect themselves. Results: 21 of the 36 use cases were considered with a risk level of moderate or high. For example: Befriending a health care provider who only uses its account for professional use in a specific medical background and who has mostly patients in his list of contacts is classified as “likely of correct identification” of belonging to a specific patient group (score 3). If the health care provider’s Facebook profile is accessible for anyone including the list of friends this is rated with the highest degree of accessibility (score 5). Both settings combined lead to a high risk level according to the matrix. Concrete measures and recommendations in this case would be not to befriend this user or to request the health care provider to hide his list of friends. Discussion: Using an adapted risk reporting matrix helped to differentiate the severity of different user behaviors and Facebook settings. In this way concrete measures could be grouped in different priorities. It is important that we understand the risk of using social networks for health topics. In order to benefit from this new way of communication and information sharing we should try to hinder possible threats.