Creating a Social Networking Policy

• Social networking sites like Facebook, Twitter, and Instagram have created productivity problems in nearly every industry.
• While many businesses have been forced to take measures to prevent workplace idleness by blocking social media sites on workplace computers, there are concerns in the medical and healthcare industry related to these sites that go beyond wasted work hours.
• Because many of the matters that occur in a doctor’s office, clinic, or hospital are subject to protection under the Health Insurance Portability and Accountability Act (HIPAA) an indiscreet status update or photo can expose these businesses to liability.

While medical doctor’s, dentists, physician’s assistants, nurses, and specialists universally receive training and instruction in HIPAA laws, many are still careless when it comes to updating their social networking accounts. One of the reasons for this is that there is an illusion of privacy surrounding sites like Facebook and Twitter.

Most of these networks allow users to limit the information they post to the people who they’ve allowed access. However, social networking sites often allow “friends of friends” to also view protected information.

Additionally, changes to security protocols in a site often require users to reset their preferences to be effective against unauthorized viewers. And, as with anything on the internet, once you post something you can lose some control over it and you cannot be sure who will get access to it.

Healthcare providers and medical and dental practices would be wise to institute a social networking policy to prevent their employees from inadvertently exposing their practices and institutions to governmental inquiries, possible civil lawsuits and even licensing board actions. Consider the following two scenarios and their potential impact on the respective employers:

1. A staff member takes a photo of their colleagues at the office. In the background is a patient’s x-ray or medical chart. Identifiable patient information may be visible in the photo. One of the staff members posts the photo on Facebook and later tags everyone in the photo, potentially exposing patient information to thousand’s of Facebook users.
2. After a long day in operating room and a particularly difficult surgery on a traffic accident victim, a surgical assistant tweets, “That poor kid on the motorcycle may not make it. At best he’ll only lose a leg. What were his parents thinking?” The accident makes the evening news and the tweeted statement is seen and then re-tweeted by several followers, which increases the exposure.

In both cases, information about the health of a patient is being released to scores of unauthorized individuals. If one of the victim’s family members or friends brings this to the patient’s attention, the hospital could have a host of problems.

Not only can privacy issues be implicated by postings, but seemingly innocent comments or photos may cause irreparable damage to a practice. For example, an employee might post “What a day!. We had very difficult surgery. I can’t believe the surgical assistant wasn’t prepared again!” What would happen if there was a complication and the patient or a malpractice attorney got hold of a statement like that?

Having a sound social networking policy allows practices and hospitals to protect patients privacy avoid harmful statements and to disavow the actions of employees who violate those policies.

Healthcare providers who are trying to develop policy language to regulate their employee’s social networking activities should contact a knowledgeable Colorado attorney who represents healthcare providers and professionals.