Start Your FREE Membership NOW
 Discover Proven Ways to Be a Better Medical Office Manager
 Get Our Daily eNewsletter, MOMAlert, and MUCH MORE
 Absolutely NO Risk or Obligation on Your Part -- It's FREE!

Upgrade to Premium Membership NOW for Just $90!
Get 3 Months of Full Premium Membership Access
Includes Our Monthly Newsletter, Office Toolbox, Policy Center, and Archives
Plus, You Get FREE Webinars, and MUCH MORE!

Compliance perspective: How to keep an employee from damaging your practice on social media

In the cyber age, protecting your practice from the potential threat posed by employee blogging, tweeting, Instagramming, and other social networking is a business imperative. But how? To find out, keep reading. . .

It is your business

The starting point is recognizing that social networking by employees is not purely a private matter. Over the past decades, courts and arbitrators have consistently recognized an employer’s right to intervene to prevent activity that harms or has the potential to harm the organization’s business or reputation, including:

1. Productivity losses

Anyone who has at least dabbled in it understands how addictive social networking can be and how easily it can suck up your time. What may be intended as a simple exchange can turn into a day-long interaction. And, of course, many employees choose to do their social networking at work. According to one recent study, the average employee spends 2.35 hours on social media during every work day(!), resulting in productivity losses of 13%.

2. Threats to business confidentiality

One of the things people like to talk about is their jobs. And in a social context, they tend to speak candidly. Such conversations can be kept private when they occur face-to-face or on the phone. But keeping such interactions private is more problematic when they occur online, especially within an external social network that anybody with internet access can join like Facebook or LinkedIn. The result: damaging leaks, whether deliberate or inadvertent. Example: An employee tells her Facebook chum that your practice is in secret merger talks with another practice and expresses concerns about her job.

3. Undermining of management

Complaining to friends about work, bosses, and colleagues is a venerable and largely harmless social tradition. But when it happens online, it’s not so harmless, even if the whole conversation takes place while the employee is off duty and at home. In a cyber world, gripes get expressed in the form of inappropriate postings, pictures, and jokes about doctors, patients, and colleagues online where anybody can see them. In addition to harming morale, such communications can expose your practice to risk of liability for harassment, discrimination, and other violations.

4. Harm to reputation

The unflattering things or inappropriate materials say or post online on their networking page about your practice, its staff, and the doctors or patients it serves may harm your reputation and standing in the community.

Example: In her blog, a hospital RN referred to the nurse who supervised her as “Nurse Rached”—the nurse from hell in One Flew Over the Cuckoo’s Nest. Although the employee didn’t use her name in the blog, she didn’t bother to hide the fact that she worked as a nurse for a hospital in a particular county that had only one hospital. So, it was pretty easy to figure out who “Nurse Rached” was. An arbitrator found the blog grounds for termination.  

5. Violations of patient privacy

Employees may reveal patient records and other PHI that violate HIPAA.

6. Discrimination & harassment of other employees

Online comments about co-workers may constitute harassment or discrimination and expose your practice to liability. Employees may also download, view, or transmit pornographic, racist, and other offensive material from the internet at work in violation of your harassment or discrimination policies.

7. Liability for illegal activities

Employees may conduct illegal activity on the internet at work, such as distributing child pornography or downloading material in violation of copyright law. There’s no shortage of legal theories that can be used to hold your practice vicariously liable for such activities especially when employees use your computer and network to conduct them.

8. Harm to IT infrastructure

Employees who use the internet for unauthorized purposes may introduce viruses, worms, Trojan horses, and the like into your practice’s information network, causing serious problems for the IT infrastructure. Use of the practice’s network for personal business, e.g., downloading large files, can also slow down the system and make it harder for other employees to use the network to do their jobs.

3 ways to prevent social networking abuses

Implement clear and specific policies to establish your right to discipline employees for social network abuses or, better yet, deter them from committing them in the first place. Three strategies that have proven effective:

1. Address social networking in confidentiality agreements

Like many practices, you may ask employees to sign confidentiality agreements banning them from disclosing confidential information. Add language to the agreement requiring employees to abide by their confidentiality obligations while engaging in social networking and other forms of online activity. Spell out that revealing sensitive organization information on an online social network at home is just as unacceptable as doing it in a business communication during work. 

2. Address social networking in codes of conduct

Most practices have HR policies or standards of conduct banning unacceptable behavior like harassment, bullying, and bad-mouthing bosses, clients, and the organization. Indicate that these forms of misconduct are equally unacceptable and subject to discipline on a social network or other online activity, whether conducted on- or off-duty.

3. Set specific policy on employee social networking

The centerpiece of your effort to curb social networking and blogging abuses is to establish and consistently enforce a Social Networking Policy that addresses these activities. Make sure your policy is realistic. Simply banning employees from using social networking sites or blogging altogether is impossible to enforce, especially to the extent it applies to what employees do off-duty. Although each practice must tailor its policy to its own, the Model Policy is a pretty good template. Like the Model, your social networking policy should spell out that: 

  • All practice computers, IT equipment, and internet access is intended for business use only and may not be used for non-work-related purposes;
  • Employees are expected to work while on duty;
  • Employees may not post or say anything on a social networking site that harms the practice’s reputation and good standing in the community;
  • Employees may not insult, offend or demean the practice or its staff, clients, or patients or divulge confidential information about them online; and
  • The content of any employee postings must comply with all practice policies, including its code of conduct and discrimination and harassment policies.

Editor’s picks:

Model Employee Social Networking Policy

How one irritated patient can start a social media firefight

Is your medical practice’s social media policy adequate?









Try Premium Membership