The trusted source for
healthcare information and
Policy crucial to avoiding web breaches
Only about a quarter of employers have a policy on employees' use of social networking sites, says Danielle Urban, JD, an attorney with the law firm of Fisher & Phillips in Denver.
"Without a policy, it's harder to discipline and to fire an employee," Urban says. "We recommend that employers have policies against employees blogging, posting, or Tweeting anything that identifies that person as an employee of the organization. Or if you don't go that far, you can require employees to post a disclaimer that anything they say is not endorsed by the hospital and is being said only as a private person, not your representative."
Urban also suggests the policy include a requirement that the employee not mention a coworker, patient, vendor, or any other contact from work without obtaining permission from that person first.
"Remind employees that what they do on their private time can be a violation of company policy and maybe even the law," Urban says. "It's amazing how many people think they can post something on the Internet and it will be seen only by the people they want to see it. It's out there for people to see, and employers will find out about it even without doing anything sneaky to monitor what you do. These things can cost you your job."
Employers have a legitimate interest in limiting what their employees post, says Amanda Vega, a consultant in New York City specializing in social networking sites and media management.
"The written policy on the use of social networks should be signed by all employees, so there is no misunderstanding. The hospitals cannot say that employees are not allowed to use social networks, but they can have a policy clearly stating that they may not write, chat, take pictures, Tweet, or post on Facebook, etc., about any patient," Vega says. "This can also apply to stating information about any personnel within the hospital doctors, nurses, interns, technicians, or medical reps."
Even after the written policy is in place, there should be at least an annual policy review and training for the employees in case there are any issues to address or new social networks that have come into play, she says.
"If the employee agrees to not post any patient information and does it anyway this would include referencing a patient as a cop killer this can be terms for a serious violation and/or termination," Vega says.
The best policies tend to limit Internet usage and prohibit most blogging or posting on sites while at work, says David Gevertz, JD, a shareholder and vice-chair of the labor and employment department at the law firm of Baker, Donelson, Bearman, Caldwell & Berkowitz in Atlanta. Gevertz says the policy also should include these points:
Emphasize that employees remain responsible for the content of texting and Internet postings done outside of work.
Reserve the health care organization's right to demand that the employee remove the information from the posting site.
Strictly prohibit the dissemination of, posting, or reference to patient identifiable financial or health information.
Reserve the company's right to monitor, review, and inspect all e-media use conducted through its networks and the contents thereof.
Mandatory training on the policy should include examples of what is and is not appropriate material for public dissemination.
Danielle Urban, JD, Fisher & Phillips, Denver, CO. Telephone: (303) 218-3650. E-mail: Durban@laborlawyers.com.
Amanda Vega, New York City. Telephone: (646) 450-8342. E-mail: Amanda@amandavega.com.