Social media and patient privacy
Hospitals face challenges with social media policy
Staff at Southern Ohio Medical Center have worked hard to make social media a vital part of their everyday operations. “It took about three years for everybody, even our CEO, to get a Facebook account and to put in some information about themselves online,” says Vicki Noel, vice president of human resources/organization development and chief learning officer for the 227-bed hospital in Portsmouth.
While it’s considered a victory to have more staffers accept LinkedIn, Twitter and Facebook as part of the culture at SOMC, concerns over the misuse of social media persist like they do at facilities nationwide. Worries about patient privacy and decreased employee productivity remain, but for hospitals such as SOMC, solutions are tricky.
“That’s the thing, with all violations, it’s shades of gray,” Noel says. “There isn’t an ‘it’s always going to be this way.’ ”
Noel recalls a privacy infraction in which a proud medical resident posted a picture on Facebook of his suturing technique on a patient. The resident included a summary of the patient’s medical history and his medical state as he arrived in the emergency room.
“He was kind of, ‘I’m getting good at sutures,’” Noel says. “Again, I just think the person wanted to show off his sutures—it was a matter-of-fact thing—taking a picture with a cellphone.”
Noel says the hospital received a few warnings from staffers alerting them to the privacy violation. The resident was then given a written warning about the infraction.
More than 1,200 hospitals participate on 4,200 social networking sites, according to a report released this month by PricewaterhouseCoopers, “Social media ‘likes’ healthcare: From marketing to social business.” Those sites include stalwarts such as Facebook to upstarts such as Pinterest, which jumped from 1.2 million U.S. users to 11.7 million over six months. The same study also reveals the No. 1 social media concern for consumers is the dissemination of their personal information online.
Use of smartphones is a major reason why blocking access to social media sites at hospital workstations in hopes of controlling their employees isn’t an answer to that top concern, says Dan Goldman, legal counsel for the Mayo Clinic, an organization that is one of the top advocates for social media in healthcare. The Mayo Clinic Center for Social Media is dedicated to connecting patients with clinicians and public affairs officials and serves as a social media learning resource for other hospitals.
Questions related to blocking social media access are the most popular Goldman hears at the seminars he hosts, which show executives how to navigate the sometimes intimidating world of these new tools. Goldman also co- hosted a webinar last year titled, “Social media and HIPAA are NOT enemies.” About half of hospitals and other care providers block social media sites, Goldman says.
Goldman says that about three years ago, he started immersing himself in social media. He now speaks on panels giving administrators tips on how to use social media and draft employee guidelines. He compares Internet use to phone use, and says social media should be treated like any other nonwork-related activity.
“I sort of think it’s a little like the 1920s on whether phones should be used in healthcare,” he says. “A lawyer in the 1920s probably said there are too many risks about using phones.”
When establishing guidelines, hospitals must make sure they reference legal issues including the Health Insurance Portability and Accountability Act, says Kasey Sixt, vice president of CKR Interactive, a recruitment firm based in Campbell, Calif. “The goal of your social media policy is to provide clearly delineated guidance and compliance boundaries, so employees feel comfortable communicating and participating on the social channels,” she says.
Blocking access won’t eliminate employee distractions or the potential for abuse, because employees bent on not doing their work will use a smartphone or find another outlet, Goldman says. Restricting access also won’t stymie privacy infractions; that only postpones the inevitable, he says.
Understanding how employees of different ages use social media is also important, Goldman adds. He calls those who grow up using the sites “lifecasters”—people who have spent much time broadcasting their experiences online. Training them about the perils of revealing improper information online is important, he adds.
While the suture-happy resident at SOMC received a warning, another incident last year resulted in a firing when an emergency department staffer disclosed patient information online, Noel says. The patient was allegedly involved in a crime, and an employee decided to post information on Facebook. When questioned by human resources officials the next day, the worker admitted to accessing information he shouldn’t have and then posting it via social media, Noel says. Once again, it seems a social media team wasn’t necessary to police employees. Multiple co-workers alerted staff about the infractions. Noel says employees can often police themselves because they know when the line of unacceptable use of the Internet is being crossed.
“It’s tough when we you have to fire someone,” Noel says. “It’s a tough, tough lesson.”
Restricting online access at the workplace might have limited value, but it doesn’t affect how an employee uses the Internet away from the job. But there are still concerns on how much the employee represents his workplace when posting online musings. That’s something the National Labor Relations Board is investigating, wanting to ensure employers can’t hold employees culpable for all they do online away from the workplace.
The NLRB released its second social media report in January, attempting to provide further clarity over what activities constitute grounds for termination of employment. The NLRB’s 35-
“We have federal and legal obligations for the privacy of our patients, and I think we have a moral responsibility that even outweighs the legal obligations to our patients,” says Poudre Valley CEO Rulon Stacey, who writes a blog for the system.