For healthcare organizations that don’t have a firm grasp on social networking, that unflattering Twitter comment or Facebook photo is just the tip of the iceberg.
With social media fast becoming the predominant forum for communication, providers run the risk of damage to their reputations, the airing of sensitive or private data, identity theft, even violations of HIPAA and other healthcare laws.
According to recent surveys, an estimated 74 percent of healthcare organizations say social networking can put the organization at risk, and yet only 17 percent have a risk mitigation policy or program in place, and only 15 percent have debated those risks at the board level. Another survey indicates 60 percent of managers think they have a right to know what an employee is posting on social networking sites, while 53 percent of employees say it’s none of their business and 33 percent don’t even consider the business effects of posting.
Learn on-demand, earn credit, find products and solutions. Get Started >>
“There is very little law that affects this,” said Kathy Dudley Helms, an attorney with the national labor and employment law firm of Ogletree, Deakins, Nash, Smoak & Stewart, who hosted a social networking discussion during the recent 46th annual conference and exposition of the American Society for Healthcare Human Resources Administration. “And yet this is developing. There are going to be protections.”
“Everyone is looking at this stuff for different reasons,” she added.
While organizations like the Ohio State Medical Association and the Mayo Clinic have developed products and programs to help members navigate social media, Helms and attorneys like Mark D. Nelson of the Chicago-based Drinker Biddle law firm are urging providers to take control of the situation before its becomes a costly problem.
“For those of you who don’t have a policy, our view is that you have to have one,” said Nelson. “There’s an awareness level that can be taught and needs to be taught regarding employee use of social media.”
Items such as blogs, Twitter and Facebook postings can disclose damaging information about an organization or be used in future lawsuits. Posted photographs can reveal illegal or improper workplace conditions or actions, or constitute an illegal use of a company uniform or logo. Data gleaned from accounts could be used to track down social security or bank account numbers, or even medical records.
And while social networking may prove problematic to the employer, it could also harm the employee as well. Nelson pointed out that a CareerBuilder survey indicated 20 percent of employers used social networking to screen prospective hires – making those Facebook rants and photographs an inadvertent part of someone’s resume.
Helms offers a number of tips for healthcare providers looking to control social media use, and first and foremost is the maxim that an employer can’t curb an employee’s right to free speech or base business decisions solely on evidence garnered from Internet postings.
“It’s easy when it’s a HIPAA violation,” she said. But otherwise, “the reality is, you can’t monitor everyone’s accounts – you really don’t want to monitor everyone’s accounts. … You need to basically sit down and educate everyone, employees and managers.”