|
In the wake of social media's explosion, managers are scrambling to take account of comments--the good, the bad and the ugly--that employees broadcast on public sites. All companies are at risk, but perhaps none so much as health care providers, where they not only have an image to protect, but patient privacy, too.
Shutting down access is easy, but it's not always the best answer. A letter from a health care facility to its employees declaring a ban on social media use at work was lambasted across--of all things--blogs, with many comments criticizing the unnamed facility for failing to get with the times. On the other hand, some facilities have taken the fall when employees (unwittingly or not) exposed personal health information online.
When drafting a social media policy, there's bound to be trial and error, but it's best to lay down some rules now, according to Teresa Tracy, principal with Gladstone Michel Weisberg Willner & Sloane, ALC, Marina del Rey, CA. "In the workplace, any new trend like this creates a whole host of problems, and the smart employers are alert to those and let the employees know in a prompt and timely fashion what their expectations are."
Determine Priorities
Policies will vary depending on the organization, but for health care facilities, the main concern is always patient privacy. "Make sure employees know they cannot post pictures of any patients on their Web site--that would be No. 1," Tracy said.
And it's not just photos; any type of identifying information, including details from medical records, is off limits. It's consistent with HIPAA protections and seems like common sense, but it's still best to spell out, according to Tracy. "Some employees, strange as it may seem, really are not aware these things are not allowed," she said.
Last June, Cleveland Clinic amended its general media policy to include specific guidelines for social media use. Patient privacy was a prime provision. "You have to go to extraordinary lengths to protect patient confidentiality," said Paul Matsen, chief marketing and communications officer, Cleveland Clinic.
Privacy violations aren't always black-and-white, either. An employee may think sharing a general account of a patient encounter is fine, as long as the patient isn't named, but the post could include enough information to single out the specific individual. "Let's say a patient read that and identified themselves as the patient involved, that would be a problem," Matsen said.
Employees should be cautioned that anything they post publically could be held against them, even if the intention was innocent.
Social media policies can also protect a facility's image. Cleveland Clinic requires employees to get prior approval from the corporate communications team before posting anything that represents the organization. Employees are free to share their own opinions, but if they identify themselves as employees of Cleveland Clinic, they're expected to comply with the guidelines.
Employers are legally allowed to bar employees from using the organization's name or logo, revealing trade secret information or harassing employees on social media sites, Tracy said. If employees identify their place of employment, they should also note their comments do not represent the employer.
Supervisors also might want to consider how social media access, rather than just the content, is affecting the organization. Video-sharing sites like YouTube can drain bandwidth and productivity, so employees should be urged to use such sites sparingly, if given access at all.
Be Reasonable
Employers can ban all the sites they want, but they'd be foolish to do so, according to Paul Levy, President and CEO of Beth Israel Deaconess Medical Center in Boston. A blogger himself, Levy said the hospital has no social media policy in place, and employees like it that way. "You need to have regular policies for things like patient and personnel confidentiality, but the idea that you need a separate social media policy on such matters is wrong-headed," he said.
As long as general policies for speech and publication exist, there's no need to block social media access, Levy continued. Doing so would be futile, as employees could use their iPhones and PDAs to post on sites.
Tools are available to monitor social networks--Matsen said Cleveland Clinic uses an advanced program to track who says what about the organization--but there's only so much surveillance can do. Comments on password-protected sites, for example, may be off limits, Tracy said; a recent court case found that an employer violated the employee's privacy when managers used material from a closed forum to justify termination.
Instead of becoming watchdogs, supervisors should be understanding about social media use, Tracy said. Just as employees are allowed to make brief personal calls from work, the occasional Facebook post or Twitter update shouldn't be cause for dismissal.
To keep guidelines in check, get input from various sectors of the facility, Matsen said. Cleveland Clinic's social media council includes staff from nursing, education, corporate communications and marketing, which creates a "rich dialogue" for policy writing, Matsen noted.
When an employee does abuse social media, policies can help determine recourse, but the final determination should be on a case-by-case basis. "It would depend on the gravity of the exposure, to be quite frank," Matsen said. "A HIPAA violation would be quite different from someone criticizing management, for example."
Levy agreed. Making a negative comment is one thing; spreading lies or rumors is another; and a privacy violation is, well, a privacy violation. "HIPAA and other rules are inviolate, regardless of the medium," he said.
Acknowledge Benefits
Social media policies shouldn't just focus on the negative; they can also encourage positive use of networking sites. Cleveland Clinic's recruitment and continuing education teams use Facebook to target job seekers, and Matsen is hoping to launch specialty-specific blogs, where patients could find news and general advice from physicians. "We're being a bit cautious about that, but we're looking, and over time we hope to get more physicians and employees involved," he said.
Social networking is so ubiquitous, questioning its benefits is outdated, Levy said. So long as they follow general hospital guidelines, there should be no real limit on how employees tweet or post.
Whether or not an employer drafts a specific social media policy for employees, the important thing is to follow the trend, so if anything does come up that warrants a policy change, the facility can be ready. "It's a rapidly evolving medium," Matsen said, "so you need to stay attuned to how it's growing and adapt your policies as you need to going forward."
Cheryl McEvoy is an assistant editor with ADVANCE.
Related Content
For additional management articles, click here to browse our archives.
Read our Management Q&A on "Troubling Tweets" and join the discussion here.
|