The Legal Pitfalls of “Friending” Social Media in Healthcare
Jeana M. Singleton, Esq. Rosina M. Caponi, Esq. Brennan, Manna & Diamond LLC
OACHC Annual Spring Conference March 6, 2013
Social Media Web-based platforms whereby users
communicate, network, and share user created content with others participating in the platform
Facebook, Twitter, YouTube, Instagram,
LinkedIn, Foursquare, Tumblr, Blogs, user comments
2
SOCIAL MEDIA Commonly used for marketing purposes -
many hospitals, practices, and health centers now have their own Facebook and/or Twitter pages
Used in recruiting – LinkedIn
Employers often look at social media
pages of job applicants
3
Increased use of Health Care Social Media
4
Increased use of Health Care Social Media • Pricewaterhouse-Coopers April 2012
Report: • Over 1200 hospitals participate on 4200 social media sites.
• Facebook and YouTube were most commonly used social media channels to access health related information
5
Increased use of Health Care Social Media • Pricewaterhouse-Coopers April 2012 Report:
• More hospitals evolving from social media marketing to social business strategy – understanding patient’s needs and behaviors, responding to complaints
• In the consumer survey portion of the study:
• 4 in 10 had used social media to find health-related consumer reviews (e.g. of treatments or physicians)
• 1 in 3 have sought information related to other patients’ experience with a disease
• 1 in 4 posed about their health experience • 1 in 5 joined a health forum or community
6
Problems Caused Employees disparaging employer, boss, or
co-workers Contacting other employees with
unwelcomed or inappropriate messages Posting confidential information, pictures,
and videos online relating to patients ◦ What kind of actions can employers take?
7
Problems Caused Risks of employment-based claims arising out
of the use of social media to investigate and screen potential employees, as well as allegations of discriminatory hiring practices based on the results of social media searches
Viewing social media sites can give employer
information protected under the Civil Rights Act such as race, religion, sex, and national origin.
8
Social Media and the Law Recent cases taken up by the National Labor
Relations Board (NLRB) for employees fired because of social media
Employees right to be protected from employer
retaliation when engaging in “concerted activity” NLRB released guidelines specifically for social
media
9
National Labor Relations Act NLRA protects rights of employees: union
and non-union Section 7 – protects an employee’s right
to engage in concerted activities for the purpose of mutual aid and protection
10
“Concerted Activity” Activity by individual employees who are united
in the pursuant of a common goal. Action must be engaged with or on the authority of other employees, and not solely by and on behalf of the individual employee
Certain concerted activities are protected –
activities for employees’ mutual aid or protection or efforts to improve working conditions. Includes scenarios where employees act to initiate group action, and also actions by individual employees bringing group complaints to the attention of management
11
Retaliation Under the NLRA, an employer cannot
retaliate against employee because of employee’s protected concerted activity
12
Relation to Social Media Recently, the NLRB has focused on social
media cases Various Facebook postings have been held
to be protected concerted activity
13
Facebook Cases Many instances held that employers violated
NLRA. Focus on whether discussion involves terms and conditions of employment
Example 1: Employee fired for Facebook
posting expressing frustration of being demoted. Co-workers commented and echoed employee’s frustrations. This was held to constitute complaints about working conditions and thus protected concerted activity.
14
Facebook Cases Example 2: Employer violated NLRA for firing
5 employees who commented on Facebook regarding concerns of the job performance other employees.
Administrative Law Judge held: ◦ “Employees have a protected right to discuss
matters affecting their employment amongst themselves. Explicit or implicit criticism by a co-worker of the manner in which they are performing their jobs is a subject about which employee discussion is protected…”
15
Facebook Cases Other recent cases NLRB declined to issue
complaints involving employer discipline for social networking activity, even when comments were job related. NLRB determined postings were not concerted activities, but rather personal complaints
Ex: Wal-Mart employee posted disparaging
comments about manager and Wal-Mart on Facebook. Was not deemed effort to engage in group action
16
Facebook Cases Provisions of employer’s social media policies have
been deemed overly broad, and thus prohibited protected conduct
Ex: Hospital employee posted negative comments on
Facebook about a co-worker’s absence and was terminated. ◦ NLRB concluded that the hospital’s policy provided no
specific guidance on what was not allowed (e.g. it didn’t describe what was “private” or “confidential” relating to any person or entity) and was overly broad in areas (e.g. didn’t define broad terms such as what constituted embarrassment by the hospital) without limiting conduct in any way that would exclude protected activity
17
Recent NLRB Guidance Employer policies should not be so sweeping that
they prohibit the kinds of activity protected by law, such as the discussion of wages or working conditions among employees.
◦ Example – policy cannot prohibit “making disparaging
comments about company through any media or electronic media.” This is overly broad, needs limiting language that does not restrict NLRA rights
An employee’s comments on social media are
generally not protected if they are mere gripes not made in relation to group activity among employees.
18
What should you do? Review policies. Do they broadly restrict
social media commentary? Must not restrict discussions relating to an employee’s terms and conditions of employment.
◦ Specifically outline types of posts that are
prohibited. Appropriate training for staff and employees
to recognize what is and is not allowed on social media
19
Suggested Elements of Social Media Policies No use of social media at work No use of a patient’s name, pictures,
videos, or any other identifying information
No disparaging patients, even if not identifying them
20
Suggested Elements of Social Media Policies No disclosure of confidential information
relating to organization and employees No stating that personal opinions are
endorsed by organization No use of organization’s logo on personal
social media pages – want to avoid any appearance that a personal page could be construed as being statements of the organization. 21
Harassment and Social Media Harassment issues often arise when co-
workers and supervisors are friends on Facebook or followers on Twitter
Be cautious of any interaction between
employees, especially those in supervisor-subordinate roles
22
Harassment and Social Media Harris v. North Park Clubhouse Lounge ◦ Employee complained to HR when manager called her sexual slurs
◦ Owner and other employees posted threatening comments on her Facebook
◦ Employee filed charge with Equal Employment Opportunity Commission (EEOC) claiming retaliation for her original harassment complaint. Consent decree entered
23
Defamation and Social Media Common issue: employees or students
posting negative comments or untrue statements on social media about employer or institution
Can lead to defamation and libel
accusations
24
Defamation and Social Media Example: Low & Tritt v. The Pizza Kitchen
(Tenn.) ◦ Marketing firm filed $2 million libel suit against former client for comments posted on Twitter and Facebook claiming they hurt reputation
◦ Firm alleged that former client called them “crooks” and that they stole e-mail lists and hacked into Pizza Kitchen’s Facebook page
25
Personal Privacy and Social Media Employers must make sure that company
policy clearly states that employees have no reasonable expectation of privacy on company owned computers
For personal employee social network
pages – employee may have privacy interest if they have taken reasonable efforts to keep the information private
26
Personal Privacy and Social Media However, if page is open to internet users,
no reasonable steps have been taken to keep such information private
Example of steps to keep information
private: page only can be accessed with a password, password is only provided to select individuals
27
Personal Privacy and Social Media Stored Communications Act: 18 USC §2701 Prohibits third parties from intentionally
accessing electronically stored communications (e.g. e-mail) without authorization
Intended to prevent hackers from accessing stored communications, however it has been used in lawsuits against employers
28
Personal Privacy and Social Media Example case: Pietrylo v. Hillstone Restaurant
Group (D.N.J. 2009) ◦ Employer found liable of violating Stored
Communications Act when managers intentionally accessed a chat group on the employee’s MySpace page without receiving authorization from employee to join the group. Manager coerced password from another employee. Employer fired employee based on content of the chat group.
◦ Compensatory and punitive damages awarded to
employee due to malicious conduct – manager knew access was unauthorized.
29
Personal Privacy - Passwords
Instances of employers requiring employees (or schools requiring students) to turn over social media passwords have been in the news lately
6 states have legislation banning such
practices (CA, MD, MI, NJ, DE, IL) Ohio has similar proposed legislation: S.B.
351 would prohibit employers from requiring applicant or employee to provide access to their electronic accounts
30
Personal Privacy and Social Media Lesson: ◦ Deception can never be used by employer to obtain
information that is intended to remain private ◦ Cannot coerce employees into giving access to
private information ◦ If you believe an employee’s postings needs
investigation, go direct to employee/site owner for access ◦ Not recommended to require employees to supply their personal passwords due to privacy concerns and pending Ohio legislation
31
Patient Confidentiality and Social Media
HIPAA – health care providers must keep a patient’s individually identifiable health information confidential, except in specific circumstances when disclosure is allowed
32
Patient Confidentiality and Social Media
EXAMPLE: ◦ HIPAA violation occurred when grief counselor helped establish a Facebook group with teens. Counselor’s involvement amounted to HIPAA violation, even though teens could have started group on their own.
33
Common Problems Discussion of patients over social
media ◦ Example 1: Doctor fired and fined by
Rhode Island Board of Medicine for posting a trauma patient’s information on Facebook. Although patient’s name not used, could still identify patient with other publicly available information.
◦ Example 2: Patient was involved in a
violent crime and ER employee posted patient’s health information on Facebook.
34
Common Problems Posting pictures of patients on Facebook ◦ Example 1: Hospital workers, including nurses, took pictures of stabbed, dying man, posted on Facebook. Led to firings and suspensions.
◦ Example 2: Nursing aide took pictures of elderly patients using bedpans, posted on Facebook. She was sentenced to jail (served 8 days) for invasion of privacy.
35
Common Problems ◦ Example 3: Resident posted picture on Facebook of his suturing technique on patient. Also included summary of patient’s health history and medical state in the ER. Resident was disciplined.
36
Social Media Journal of the American Medical
Association 2009 survey: ◦ 60% of medical and nursing students polled had made unprofessional postings online that violated patient confidentiality, contained discriminatory language, or included inappropriate sexual language
37
Consequences of HIPAA Violations Penalties can be severe for covered entity Not knowing: fines can range from $100 to
$50,000 per violation Willful neglect: $50,000 per violation fine Those who knowingly obtain and disclose PHI
can face fines up to $50,000 and imprisonment of up to 1 year.
No private right of action under HIPAA. Ohio also has no private right of action for a HIPAA violation. Recently reaffirmed in 2012 case by the 10th Dist. Court of Appeals.
38
American Medical Association Social Media Policy AMA recently issued social media policy Focus on professionalism in the use of social
media Separate personal from professional with
online presence Encourages patient confidentiality and the
use of privacy settings on personal social media accounts to maintain personal and professional privacy
Maintain professional boundaries if interacting with patient online
39
LESSONS: Have clear and concise social media
policies in place! Define what is and what is not appropriate
use of social media by employees/ students. Provide examples.
Explicitly state policy is not intended to
interfere with protected activity or infringe upon employee’s rights.
40
LESSONS: Prohibit: false or obscene statements,
harassing language, discriminatory statements, posting of any patient related information or discussion of patients in general
Include social media in all HIPAA training Monitor social media of employees to ensure
no HIPAA protected information ends up online
41
LESSONS: Reiterate that your harassment and discrimination
policies still apply to social media content Prohibit any unauthorized use of data Require employees to sign acknowledgment that they
have received and read social media policy Explicitly state potential consequences and
punishment. Consistently enforce policy. This will help avoid lawsuits that will hurt your
reputation and finances!
42
National Council of State Boards of Nursing Social Media Video
43
QUESTIONS?
Jeana M. Singleton Rosina M. Caponi
Brennan, Manna & Diamond, LLC
75 East Market Street Akron, Ohio 44308
330-253-5060
[email protected] [email protected]
44