Use of smartphones is a major reason why blocking access to social media sites at hospital workstations in hopes of controlling their employees isn't an answer to that top concern, says Dan Goldman, legal counsel for the Mayo Clinic, an organization that is one of the top advocates for social media in healthcare. The Mayo Clinic Center for Social Media is dedicated to connecting patients with clinicians and public affairs officials and serves as a social media learning resource for other hospitals.
Questions related to blocking social media access are the most popular Goldman hears at the seminars he hosts, which show executives how to navigate the sometimes intimidating world of these new tools. Goldman also co-hosted a webinar last year titled, “Social media and HIPAA are NOT enemies.” About half of hospitals and other care providers block social media sites, Goldman says.
Goldman says that about three years ago, he started immersing himself in social media. He now speaks on panels giving administrators tips on how to use social media and draft employee guidelines. He compares Internet use to phone use, and says social media should be treated like any other nonwork-related activity.
“I sort of think it's a little like the 1920s on whether phones should be used in healthcare,” he says. “A lawyer in the 1920s probably said there are too many risks about using phones.”
When establishing guidelines, hospitals must make sure they reference legal issues including the Health Insurance Portability and Accountability Act, says Kasey Sixt, vice president of CKR Interactive, a recruitment firm based in Campbell, Calif. “The goal of your social media policy is to provide clearly delineated guidance and compliance boundaries, so employees feel comfortable communicating and participating on the social channels,” she says.
Blocking access won't eliminate employee distractions or the potential for abuse, because employees bent on not doing their work will use a smartphone or find another outlet, Goldman says. Restricting access also won't stymie privacy infractions; that only postpones the inevitable, he says.
Understanding how employees of different ages use social media is also important, Goldman adds. He calls those who grow up using the sites “lifecasters”—people who have spent much time broadcasting their experiences online. Training them about the perils of revealing improper information online is important, he adds.
While the suture-happy resident at SOMC received a warning, another incident last year resulted in a firing when an emergency department staffer disclosed patient information online, Noel says. The patient was allegedly involved in a crime, and an employee decided to post information on Facebook. When questioned by human resources officials the next day, the worker admitted to accessing information he shouldn't have and then posting it via social media, Noel says.
Once again, it seems a social media team wasn't necessary to police employees. Multiple co-workers alerted staff about the infractions. Noel says employees can often police themselves because they know when the line of unacceptable use of the Internet is being crossed.
“It's tough when we you have to fire someone,” Noel says. “It's a tough, tough lesson.”
Restricting online access at the workplace might have limited value, but it doesn't affect how an employee uses the Internet away from the job. But there are still concerns on how much the employee represents his workplace when posting online musings. That's something the National Labor Relations Board is investigating, wanting to ensure employers can't hold employees culpable for all they do online away from the workplace.
The NLRB released its second social media report in January, attempting to provide further clarity over what activities constitute grounds for termination of employment. The NLRB's 35-page “Report of the Acting General Counsel Concerning Social Media Cases” also stressed that administrators should avoid sweeping guidelines that prohibit federally protected activities such as discussions of wages and working conditions between employees. However, some comments, including those seen as “mere gripes not made in relation to group activity among employees” wouldn't be seen as protected by federal law, and could lead to termination.
That relates to last month's buzz over whether an employer should ask for a job applicant's login information for social media sites such as Facebook, which would grant them access to personal messages and any information streams that could be blocked from the public's eye. None of those questioned for this story say they could envision a situation where it would be proper to ask for an employee's Facebook password.
Personal profiles pose other concerns, as restricted speech there could be construed as restricting an employee's speech during personal time away from work. Noel drew a parallel with trying to control employee comments about their job uttered during a baseball game. It's easier to regulate official organizational accounts by carefully selecting who represents the company in an official capacity. That practice knits a safety net aimed at easing concerns over who shares information online.
But Andrew Richburg, executive vice president of marketing and strategy at 20-hospital Sanford Health, Sioux Falls, S.D., says administrators shouldn't see themselves as puppet masters when it comes to social media. Making sure employees know where to find their organization's social media guidelines—many times they don't even know they exist—and ensuring they receive proper training serves as a better policy versus having someone attempt to keep up with every post. Taking caution in selecting members who tweet and post on behalf of an organization reduces stress from attempting to do that.
But even that didn't prepare SOMC from a time when a grief counselor helped establish a Facebook group with teens. While the teens could have created their own online forum to discuss their experiences, the counselor's involvement amounted to a HIPAA violation. The counselor had to stop her involvement. There was no other disciplinary action or consequences. “She honestly was not thinking about it,” Noel says.
Employees came to management to alert them of the HIPAA violations at SOMC. Encouraging participation with social media is one way to have extra eyes and ears to ensure compliance, but you have to be authentic, Richburg says.
A similar approach is used at two-hospital Poudre Valley Health System based in Fort Collins, Colo. “We don't actively police any accounts, but we often at times are made aware by our own employees of what people have said on their Facebook accounts,” says Rulon Stacey, Poudre Valley's president and CEO.
Stacey, who writes a blog on Poudre Valley's website, calls the concerns over privacy valid, but also says he doesn't want to see hospitals avoiding using social media because of fear.
“We have federal and legal obligations for the privacy of our patients, and I think we have a moral responsibility that even outweighs the legal obligations to our patients,” he says. “As new technology develops, I think we have an obligation to manage the development of those different resources. There are many benefits to some of the next generations of information exchanges that can help us, but we have to make sure they're used appropriately.”