We've all read the stories of hospital workers being fired because of releasing patient information on Facebook or Twitter. Those rogue employees might not have acted alone—they might have been enabled by their employers' weak social media policies.
How do you solve a problem like social media?
Last week in this space, I presented the view of openness and opportunity as it relates to social media policies in the workplace. It's become clear to me that blocking social media is not about a distrust of the masses. Instead it's about the fear of employees going rogue.
Reasons vary, but more than half of hospitals are estimated to have policies in place that block access to social media sites on their networks, according to InCrowd, Inc., a healthcare market research company.
See Also: 4 Reasons to Ban Social Media in Your Hospital
We've all read the stories of hospital workers being fired because of releasing patient information on Facebook or Twitter. Just last month Cedars-Sinai Medical Center in Los Angeles terminated five workers for inappropriately accessing patient records. The breach occurred days after Kim Kardashian gave birth at the facility.
In many of these instances, the blame should not fall entirely on employees' shoulders. Rather, it is weak social media policies that contribute to privacy violations. The most important step to reducing risk comes from educating staff around appropriate behaviors and building a broad social media policy that covers employees social media activities both at work and at home.
Here are the fundamentals of building a bullet-proof social media policy that keeps employees in line and minimizes organizational risk.
1. Align Your Policies
"The most important thing is to make sure your social media policy is consistent with your HIPAA policy. If you have a rogue employee and they put something up on social media that would violate the hospital's policy, the hospital still can't wash their hands of it," says Timothy Scott, an attorney of Fisher & Phillips LLP in New Orleans.
Scott regularly works with healthcare employers to help develop their policies. "It's not necessarily feasible that the hospital have a policy that dictates you can't engage in social media large. Your policy, though, should definitely notify the employees that if they put something up on social media inside or outside of work hours, and if you can confirm that the policy was violated, you can take action on that."
Make sure your policy is as broad as anything an employee can possibly think of, and covers all facets of Internet activity at home and at work. It must be abundantly clear that absolutely everything they put on the Internet about work could potentially land them in a meeting with the CEO.
2. Preserve Productivity
Another major concern for healthcare employers is the impact social media can have on employee productivity. At University Health Systems, the IT department decided to run an experiment to determine how often employees were using work computers for non-work purposes. This was in the early 2000s, according to Leni Kirkman, vice president of strategic communications and patient relations at University Health Systems, a large academic medical center in San Antonio, TX.
At one radiology station, the IT department monitored a single computer's Internet browsing history for one day and printed out every webpage employees visited within a 24-hour period.
At the next directors meeting, the CIO rolled in a cart stacked with of reams of paper, physical proof that employees were using the computer for personal Internet browsing. It was that day University Health Systems made the decision to block from its networks all web sites unrelated to work.
Social media hadn't hit yet, but when it did, Kirkman says it didn't matter because employees already worked under the expectation that work computers were restricted.
Kiman and others I spoke with say banning social media on work computers has become a moot point because smartphones can operate on Wi-Fi networks that can reach beyond the corporate network. Now many managers on UHS hospital floors have taken the next step, directing that phones be stowed away during patient care time.
3. Set Boundaries
Hospital marketing departments are in a particularly tough position with regard to employees using social media. Being marketers and employees themselves, hospital marketers naturally want to boost the brand's message wherever possible, and maximize a hospital's reach into the community.
"I've heard from my staff a lot over the years that we need to lobby to get this opened. There are a number of organizations that really empower employees to do a quick tweet," says Kirkman.
"I don't really see the value of that, not because I want to control what people are saying about the organization, but we want people to do it in a way that's smart, and it's just too risky. I just didn't see the value of fighting for this just so people could post on their Facebook."
We have to be really diligent with the education of our staff," says Kirkman. "When you post things with your friends, that's not private. You really don't want to have the conversation with the CEO, and that's where [ultimately] you'll have it.
4. Enforce Your Policies
At Scott & White Healthcare in Temple, TX, the human resources department has accepted that you can't stop employees from using social media, says Keith Minnis, SPHR, Vice President of Human Resources, Recruitment & Talent Management. But HR executives there have discovered they need to prohibit the use of all cell phones in patient care areas to prevent employees from taking pictures and using social media at work, despite Scott & White's strict social media policy.
The organization even has an employee who monitors all social media sites for signs that employees have communicated inappropriately. Those instances are addressed as they occur.
"We don't pull their phones or have them locked away, though," says Minnis. "Much of the communication [among coworkers] going on now though [isn't] happening from posting on Twitter or Facebook or Instagram, but are instead instant messaging that email services provide and text messages. There are all kinds of potential issues there and the very same issues high school principals are dealing with: bullying, kids, gossiping. All of these are great tools to use, and 95% of people use them appropriately. But those 5% are just too huge of a risk."
There's got to be an better way to create a culture that respects patient privacy, but also respects a staff that has a life outside the hospital. Until one is identified, these strict policies will have to do.
Chelsea Rice is an associate editor for HealthLeaders Media.
