Hospital Seeks To Terminate Five Hospital Workers For Privacy Breaches on Social Media
Tri-City Medical Center in Oceanside, CA, last week said it has moved to terminate five employees and has disciplined a sixth for using "social media to post their personal discussions concerning hospital patients."
Hospital officials became suspicious earlier this year that a breach of patient privacy may have occurred on Facebook and launched an investigation but said that as yet it has found no evidence that patient names, photographs, or other information was posted on the site. Tri-City also has not specified the information these six employees allegedly shared on the website.
Nevertheless, Larry Anderson, CEO of Tri-City released a statement saying the hospital will pursue termination of the employees who "used social media to post their personal discussions concerning hospital patients." Representatives from Tri-City have not released what positions the employees at the hospital hold, but Anderson said in the statement, "we do not tolerate violation of our privacy policies."
A story in last week's North County Times quoted Max Carbuccia, a labor representative for the California Nurses Association, saying that six Tri-City nurses were put on administrative leave about three weeks ago. He said the nurses had not seen the evidence against them, and that all deny posting specific information about specific patients online.
Some nursing organizations noted that the termination seems like inappropriate disciplinary action in light of these circumstances.
"I find it curious that the hospital would pursue termination if no HIPAA violations were made such as posting patient names or pictures," says Debi Savage, RN, MSN, BSN, CNO, of Sacred Heart Hospital in Chicago, IL. "However, if the nurses have on their Facebook page the name of the hospital and possibly the unit they work on and then discuss 'hypothetical scenarios' that could be traced back to patients in that hospital and unit, then I believe this is inappropriate."
"The article (reported by North County Times in CA) clearly states that the discussion on Facebook was hypothetical and didn't include patient information (thereby excluding a HIPPA violation), says Tonya Barrere. "It sounds more like a blog where nurses can bounce their questions/ideas about disease processes or situations they encounter in their profession. In my opinion it's the nurses' rights who have been violated--not the patient's."
Savage does argue, however, that if she were in this situation, and the nurses only posted or shared information on the types of patients the nurses dealt with, she would not be concerned or terminate them.
Carbuccia says the nurses may have responded to hypothetical questions on how to treat different types of patients.
Lisette Cintron, RN, MSN, CHCQM, CNL, Clinical Nurse Educator/NICHE Program Co-Coordinator of Juniper, FL, says that many of these social networking sites are platforms where nurses "gather together to discuss and obtain information on how to handle specific conditions, what options are available, and how to better help their patients."
However, Cintron believes that using Facebook to discuss this information may not be the best route for nurses to take. "We are unsure exactly of what the nurses at Tri-City Medical Center shared on Facebook, but depending on what exactly was shared, should determine whether the firing of the nurses is justified."
Savage believes that based on this particular case, hospitals should expand their HIPAA policy to include posting patient information or hospital information on social media sites, whether that be on Facebook or one's personal blog.