search

nhsuk / nhsuk-service-manual-community-backlog

This is a place for digital teams in the NHS to work together and develop the NHS digital service manual.
https://service-manual.nhs.uk/community-and-contribution
62 stars 5 forks source link

Social media guidance #184

Open theonlymojo opened 4 years ago

theonlymojo commented 4 years ago

What

Social media guidance for teams, products and services within the NHS.

Why

There are a number of teams and services that use social media across the NHS to communicate with patients and users. Currently, there is no guidance within the service manual about using social media. There are learnings from the NHS.UK social media team that can be shared more widely by being published within the service manual.

There have also been requests for this type of guidance on the service manual slack and informally through conversations with the service manual team.

theonlymojo commented 4 years ago

Tagging @NaoPattem who is part of the NHS.UK social media team. Would be good to attach/share any references or draft guidance you have for the NHS.UK team.

Would be nice to get some more feedback and references from teams across the NHS about social media. The service manual team are keen to explore and publish some guidance next year.

sarawilcox commented 4 years ago

NHS England published this: https://www.england.nhs.uk/wp-content/uploads/2018/04/social-media-policy.pdf NHS 24 (Scotland) have this: https://www.nhs24.scot/data/uploads/PDF/Human_resources/NHS%2024%20Social%20Media%20Policy.pdf NHS Employers: https://www.nhsemployers.org/~/media/Employers/Publications/NOVEMBER%20Your%20guide%20to%20using%20social%20media%20in%20the%20NHS.pdf NHS Digital: https://digital.nhs.uk/about-nhs-digital/corporate-information-and-documents/nhs-digital-style-guidelines/how-we-talk/social-media

K8Wright commented 4 years ago

Hi @theonlymojo I’ve only been with the NHS for 5 months. I work for a newly merged Trust in Cumbria. I was brought in to help them create their new public website. I found the Digital Service Manual incredibly helpful, particularly the content style guide.

I’m now helping them with their social media as they are looking to implement a new strategy. I was hoping there might be some guidance for NHS Trusts on this. If you do anything it’ll be too late for me but I think it would be so helpful for Trusts so you can help them to create a strategy that compliments and works with the social media for @NHSUK.

EllenDoyle commented 2 years ago

As our presence online increases should we be using the guidance already provided by the [NHSD Social Media Team] (https://digital.nhs.uk/about-nhs-digital/corporate-information-and-documents/nhs-digital-style-guidelines/how-we-talk/social-media)

sarawilcox commented 2 years ago

Need to compare this with the social media guidance from the NHS.UK social media team. (A potential epic: https://github.com/nhsuk/nhsuk-service-manual/issues/668).

I can get the latest version from Joe Freeman if people are interested.

andrew-nhsbt commented 2 years ago

Where NHS Organisations have organisational social media accounts, AND those platforms have direct message functionality (which in some platforms, cannot be disabled), these organisations may be unwittingly accumulating sensitive patient data on these platforms, which do not offer automated retention/destruction scheduling.

For example, a person struggling to get through to a GP on the phone, could in desperation DM the trust on their preferred social media platform in an attempt to get their problem solved. As the message is free text, there is no limit on the type of data that could be included in these messages: sexual orientation, health conditions, disabilities.

While most organisations would not engage on such matters over these channels, instead directing them to a more appropriate channel, unless the organisation is also deleting each DM they receive, they will be accumulating a horde of sensitive personal data.

In some cases, the social media username/passwords are shared in such organisations, with no multi-factor-authentication, which means that the data within these DMs is vulnerable to leakage.

We're also dependent on implied consent rather than explicit consent to be storing the content of the message for longer than is strictly necessary.

I think DM functionality for organisational accounts is an area that would benefit from guidance, along the lines of, if you have DMs open, you need to monitor them, respond signposting to the most appropriate contact point, and then delete the message (perhaps first copying it to a better protected and more durable repository).

Do not allow messages to accumulate on these platforms in perpetuity!

Also, it would be great if we could apply pressure to the social media platforms to enable bulk delete/scedheduled deletion of messages. The line from Twitter is that the only way to delete messages is via the UI, and they will not give permission to use any sort of Robotic Process Automation on their UI for that purpose (as it is expressly forbidden in their terms of use).

joefreemansocial commented 2 years ago

Thanks Andrew, all useful insights. As I understand, wider NHS guidance for social is that 2FA is used (it is for our NHS.UK national channels, for example). Your points on messaging are valid. Our DMs are turned off but monitored. We can align with NHS England colleagues on points raised to check local-level guidance.