Kevin Troutman is a partner at Fisher & Phillips LLP in Houston and serves as the chair of the firm's Healthcare Practice Group. Additionally, Mr. Troutman has more than 17 years experience in healthcare management positions, once serving as the senior HR manager for 22 hospitals in five states. Mr. Troutman outlined seven best practices for hospitals to consider regarding social media and hospital employees.
1. Update your policy to include social media. Roughly one-third of employers have enacted policies that address employees' use of social media sites, says Mr. Troutman. While this number is growing, employers still aren't catching on as quickly as expected, especially since sites such as Facebook or Twitter will never phase out but only evolve. "Hospitals need to address social media — they can't just proceed as though they don't exist," says Mr. Troutman. He said most hospitals already have strong confidentiality policies in place, but these need to be amended to include specific parameters for social media use.
2. Decide how much restriction employees will face while at work. Some hospitals have enacted prohibited social media policies for employees, while others have restricted their use all together. While this decision may vary from hospital-to-hospital depending on the work environment, Mr. Troutman shares some general advice. "Encourage employees to minimize the use of personal websites or personal activity while they are on work time. You have to recognize that, once in a while, employees will need to send a personal e-mail. But generally, the policy should be this: while at work, you do work. "
3. Train supervisors so they don't inadvertently create problems. In the ambiguous realm of friending, private messages and wall posts, supervisors need to anticipate potential problems regardless of their intention. For instance, a supervisor sending a friend request to a lower level employee could set up potential claims of fraternization, harassment, or — in extreme cases — stalking. Mr. Troutman shared an instance where a supervisor signed into a Facebook account under another username to look up an employee's social media activity, which could be considered defrauding the employee or invading his/her privacy.
4. Make sure employees know HIPAA translates to the web. Social media users tend to be informal, but this can snowball into sheer recklessness. "An employee would know they can't take an x-ray out on the street and show it to people. But for some reason, employees thought it was okay to post an x-ray on a Facebook page and comment on it," says Mr. Troutman. It's important for employers to emphasize that what is posted or expressed online is still subject to hospital policy.
It's also imperative for employers to explicitly outline what employees can and cannot do online. Guidelines to consider include requiring disclaimers on personal pages, such as, "This site is reflective of my opinions and not that of my employer." Some hospitals may not want employees to identify the hospital at all. While it may seem obvious, employees must not divulge patient information — period. An online comment about a patient, even if it excludes the patient's name, will likely violate privacy laws and may leave the public feeling uneasy about the care they may receive at the hospital.
5. Health professionals should be cautious about communicating with patients online. Patients friending or following their physicians, nurses or other medical professionals presents a tricky dilemma for some, but Mr. Troutman advises hospital employees to avoid this situation. "HIPAA is pretty strict," says Mr. Troutman. "It's risky for caregivers to be friends with patients, at least in the individual’s capacity as a patient. In itself, just acknowledging that someone is your patient could constitute a HIPAA violation."
6. Employers need to be careful about how social media is used to screen applicants. Investigating job applicants' social media use can be risky too, says Mr. Troutman. For instance, a Facebook page contains personal information like race, marital status, religion and political views — all of which should not be considered in employment decisions. "Once you know that information, it is difficult to prove you didn't consider it," says Mr. Troutman. This could make it more difficult to defend discrimination claims.
If employers are considering viewing applicants’ information on a social media page, they need to do two things: think about what kind of information they may see before viewing it, and if they decide to continue, they need to proceed in a way that's consistent and structured. Employers can use services to assist them in screening, which will likely result in more consistent findings than random searches.
7. If the hospital has an authorized site, they need to monitor it — stat. Many hospitals have their own websites, and some even have Facebook or Twitter pages. If they do, it is vital to actively monitor those pages and associated patient public feedback. "It is bad practice to have a site and not watch people post," says Mr. Troutman. Negative content can be posted whether a hospital has a site or not. If a facility has its own site, however, they can respond to disgruntled feedback more quickly and effectively.
1. Update your policy to include social media. Roughly one-third of employers have enacted policies that address employees' use of social media sites, says Mr. Troutman. While this number is growing, employers still aren't catching on as quickly as expected, especially since sites such as Facebook or Twitter will never phase out but only evolve. "Hospitals need to address social media — they can't just proceed as though they don't exist," says Mr. Troutman. He said most hospitals already have strong confidentiality policies in place, but these need to be amended to include specific parameters for social media use.
2. Decide how much restriction employees will face while at work. Some hospitals have enacted prohibited social media policies for employees, while others have restricted their use all together. While this decision may vary from hospital-to-hospital depending on the work environment, Mr. Troutman shares some general advice. "Encourage employees to minimize the use of personal websites or personal activity while they are on work time. You have to recognize that, once in a while, employees will need to send a personal e-mail. But generally, the policy should be this: while at work, you do work. "
3. Train supervisors so they don't inadvertently create problems. In the ambiguous realm of friending, private messages and wall posts, supervisors need to anticipate potential problems regardless of their intention. For instance, a supervisor sending a friend request to a lower level employee could set up potential claims of fraternization, harassment, or — in extreme cases — stalking. Mr. Troutman shared an instance where a supervisor signed into a Facebook account under another username to look up an employee's social media activity, which could be considered defrauding the employee or invading his/her privacy.
4. Make sure employees know HIPAA translates to the web. Social media users tend to be informal, but this can snowball into sheer recklessness. "An employee would know they can't take an x-ray out on the street and show it to people. But for some reason, employees thought it was okay to post an x-ray on a Facebook page and comment on it," says Mr. Troutman. It's important for employers to emphasize that what is posted or expressed online is still subject to hospital policy.
It's also imperative for employers to explicitly outline what employees can and cannot do online. Guidelines to consider include requiring disclaimers on personal pages, such as, "This site is reflective of my opinions and not that of my employer." Some hospitals may not want employees to identify the hospital at all. While it may seem obvious, employees must not divulge patient information — period. An online comment about a patient, even if it excludes the patient's name, will likely violate privacy laws and may leave the public feeling uneasy about the care they may receive at the hospital.
5. Health professionals should be cautious about communicating with patients online. Patients friending or following their physicians, nurses or other medical professionals presents a tricky dilemma for some, but Mr. Troutman advises hospital employees to avoid this situation. "HIPAA is pretty strict," says Mr. Troutman. "It's risky for caregivers to be friends with patients, at least in the individual’s capacity as a patient. In itself, just acknowledging that someone is your patient could constitute a HIPAA violation."
6. Employers need to be careful about how social media is used to screen applicants. Investigating job applicants' social media use can be risky too, says Mr. Troutman. For instance, a Facebook page contains personal information like race, marital status, religion and political views — all of which should not be considered in employment decisions. "Once you know that information, it is difficult to prove you didn't consider it," says Mr. Troutman. This could make it more difficult to defend discrimination claims.
If employers are considering viewing applicants’ information on a social media page, they need to do two things: think about what kind of information they may see before viewing it, and if they decide to continue, they need to proceed in a way that's consistent and structured. Employers can use services to assist them in screening, which will likely result in more consistent findings than random searches.
7. If the hospital has an authorized site, they need to monitor it — stat. Many hospitals have their own websites, and some even have Facebook or Twitter pages. If they do, it is vital to actively monitor those pages and associated patient public feedback. "It is bad practice to have a site and not watch people post," says Mr. Troutman. Negative content can be posted whether a hospital has a site or not. If a facility has its own site, however, they can respond to disgruntled feedback more quickly and effectively.