By now, everyone is probably familiar with Dawnmarie Souza's dispute with American Medical Response, where the National Labor Relations Board sided with an emergency medical technician's right to bad-mouth her supervisor on Facebook (the case eventually settled), as well as the three memoranda issued by the NLRB's Acting General Counsel on social media issues. (Available here, here, and here.) All employers have had difficulty placing appropriate controls on employees' use of social media while trying not to run afoul of the NLRB, but the situation is even more complicated for healthcare employers, who must be concerned about medical malpractice, patient confidentiality, and the complex regulatory environment in which they operate.
A case in point, from 2010: Nursing student Doyle Byrnes attended an on-site lab course at the Olathe (Kansas) Medical Center. During the course of that class, the students had an opportunity to examine and study a human placenta. Ms. Byrnes thought it would be funny if she and three of her friends posed with the placenta. She asked her instructor for permission to put the photo on Facebook, which garnered a "oh, you girls" in response – but no specific instructions to not post the photo. Even though the photo remained on the student's Facebook page for only three hours and there was no identifiable information about the patient, the picture created a problem for both the college and hospital. All four of the students were expelled for unprofessional behavior. After a legal battle, all four students were readmitted to the school in 2011.
Social Media and Healthcare
When it comes to use of social media in the workplace, the NLRB has been particularly aggressive (and "anti-employer"). The most recent Acting General Counsel Memorandum, issued in May 2012, discussed a case that involved the social media policy of a health care services billing company. The policy contained a clear statement requiring employees to "respect privacy":
If during the course of your work you create, receive or become aware of personal information about [employer's] employees, contingent workers, customers, customer's patients, providers, business partners or third parties, don't disclose that information in any way via social media or other online activities.
This policy seems perfectly reasonable and is addressing the employer's need to protect sensitive personal patient information. But the NLRB found that a blanket prohibition against the public discussion of personal information was unlawful. According to the Board, the policy unlawfully prevented employees from discussing the hours and wages they may work with co-workers – and may prevent them from organizing. On the other hand, the NLRB did not have a problem with confidentiality provisions that protected confidential patient information from disclosure.
The policy also asked employees to "adopt a friendly tone when engaging online." Employees were asked to avoid "inflammatory" subjects such as "politics and religion" and to refrain from personal attacks and insults. Again, this seems like a good policy – preventing potential incidents of harassment and abuse online. The NLRB, however, found this provision unlawful because it prevented employees from discussing potentially heated or controversial topics like unionism or working conditions.
The American Medical Association has released a policy to guide members in online patient communications. Specifically, physicians should set appropriate boundaries with patients, and recognize that online actions could negatively affect their (or the hospital's) professional reputation.
But more importantly, what is posted to an open-format website, such as a Facebook wall, becomes public domain. Exchanges on social media websites between doctors and their "friends" from the general public can take on the appearance of a provider-patient relationship. Once that relationship is established, the doctor has a legal duty to the patient and is open to malpractice claims for the advice freely given. Also, these communications create a permanent written record that may be subject to discovery in a later malpractice lawsuit.
Doctors, nurses, and other healthcare employees may post about the events of the workday, just like countless other employees on the internet. However, these posts can take on a different meaning in the malpractice context. A seemingly funny story about a grumpy patient and the comedy of errors that ensues may find its way into the courtroom. Imagine trying to defend your institution's professional reputation and integrity when the jury hears a factually similar story that was told for just for the laughs.
Social media can also create licensing issues for physicians and nurses. For example, if a doctor dispenses advice through a social media forum to a "friend" who lives in a different state, has the doctor practiced medicine without the correct state license? To avoid these situations, doctors and nurses who interact with the general public online should include clear disclaimers that the information is not intended to create a professional relationship and that the person should consult a local doctor in person for treatment and advice.
Preventing Harassment and Discrimination
During the hiring process, employers frequently use social media to get the "real story" about an applicant. However, the Equal Employment Opportunity Commission warns that managers should be careful because information like religion, disabilities, pregnancy, or other "EEO" information may be inadvertently discovered. An employer cannot be liable for discriminating based on information that it doesn't know about, but if an employer refuses to hire an applicant after having that information, it will be more difficult for the employer to prove that its decision wasn't discriminatory.
One possible solution is to divide the work – allow one HR employee to conduct the internet search and share only the information that is pertinent to the hiring decision, and to allow a different employee (who has access only to the "sanitized" information) to make the decision. An even better solution is for the employer to limit itself to viewing profiles on professional networking sites, like LinkedIn, because people do not usually include any but the most basic personal information on these sites.
As previously discussed, the NLRB has ruled that a healthcare employer's prohibition on discussing "inflammatory" subjects was unlawful. On the other hand, the Board seems to approve prohibitions on discriminatory or harassing social media behavior.
One last unanticipated effect of social media concerns the impact on the most important individual in the healthcare industry – the patient. The Health Insurance Portability and Accountability Act specifically prohibits the release of individually identifiable information that relates to the individual's past, present, or future medical treatment.
Most healthcare employers are, of course, "covered entities" under the HIPAA regulations, and so they also face liability in the event of a release of protected health information by their employees. Penalties range from $100 to $50,000 per violation. Although HIPAA does not provide for a private cause of action against violators (in other words, individuals cannot sue covered entities under HIPAA for the disclosure of information), many plaintiffs are now using HIPAA violations as the basis for claims of invasion of privacy under state law.
No doubt employees in the healthcare industry know that patient information is private and confidential. However, they may need to be reminded that this includes any social media postings about their "day at the office." Employees in healthcare should understand that release of any information that could permit identification of a patient is prohibited and ground for termination of employment.
What Can You Do?
• Train your workforce on the consequences of using social media. In the healthcare industry, place special emphasis on issues related to patient confidentiality, the physician-patient relationship, and the unauthorized practice of medicine, as well as online harassment and discrimination.
• Direct employees to make it clear that their personal opinions are not endorsed or supported by you, the healthcare employer.
• Emphasize good judgment and responsibility when online. Encourage civil discussion, but be aware that the NLRB's position is that you cannot "require" civil discussion.
• Require compliance with all applicable laws.
• Require compliance with rules of the applicable social media sites.
• Be consistent when disciplining employees who violate your policy except as required to meet any reasonable accommodation obligations that might apply.
If you need assistance in developing or applying a social media policy, please contact any member of Constangy's Labor Relations or Litigation practice groups, or the Constangy attorney of your choice.