Containing the Patient Privacy Breach

The popular notion of breaking patient confidentiality usually involves simple curiosity about celebrity patients or patients with unusual—perhaps embarrassing—medical issues. That's a black-and-white issue. Good employees know better than to breach that confidence.

There are gray areas, however: healthcare workers with good intentions, raising legitimate concerns about patient safety, care quality, or the competence of colleagues; physicians consulting with colleagues over the Internet. Everyone must be aware of the privacy pitfalls inherent in social media.

Derse says healthcare workers don't have to post concerns about safety or competence on the Internet, because there are plenty of legitimate outlets.

"Having the ability to complain about somebody's performance if they feel it is dangerous or substandard is something that is very important, but you don't have the right to complain to the general public," he says. "You have the right to complain to people who can actually address the problem."

Derse says hospitals should have in place policies that encourage and facilitate reporting bad behavior, and that protect whistleblowers from retaliation. If not, he says, employees can take their complaints to their local medical professions boards.

Paulk says Johns Hopkins has an "absolute rule that anybody can stop the 'assembly line' if they think something is wrong. They are able and encouraged to speak up." That culture of safety encourages staff to report issues to supervisors on an in-house database, or to an anonymous hotline. "We have all different avenues," she says.

And what about healthcare workers who use an Internet site to complain about the workplace? When does an employee's freedom of speech run up against a healthcare institution's need to defend its good name?