HIMSS: How vulnerable does social media make you?
Despite some resistance, there are definitely more and more providers utilizing social media networks. As of October 2011, hospitals sharing information accounted for:
- 575 YouTube channels (compared with 398 in August 2010);
- 1,068 Facebook pages (compared with 631 in August 2010);
- 814 Twitter accounts (compared with 634 in August 2010); and
- 149 blogs (compared with 87 in August 2010).
However, with social media problems usually arise among healthcare personnel when those participating blur the lines between the professional and the personal, according to Melnik. "Oftentimes, people do not consider the potential impact of their communications,” which she defines as “ignorance not bliss.” She adds that the other problem is “personal opinion versus professional advice. Once you send, you can’t unsend.”
There already have been several state lawsuits due to the exposure of personal health information (PHI) through social media forums. For example, a Rhode Island physician was fired for posting information about a patient on her personal Facebook page—not the patient’s name, but the physician was reprimanded by the Rhode Island Medical Board for “unprofessional conduct.” In Iowa, a nurse was fired for using Facebook to exchange information about a patient with another health professional without consent—not the patient’s name. In California, ER nurses posted a photo of dying patient on Facebook pages.
To counteract these disaster cases, co-presenter Brian Balow, JD, an attorney at Dickinson Wright, recommended that providers establish a social media policy, in order:
- To protect your patients' rights;
- To instill professionalism throughout your enterprise;
- To protect your organization from liability; and
- To protect your employees from liability.
To use the "rogue employee" defense, providers can protect themselves from “liability to the extent that the conduct occurred in spite of and contrary to reasonable safeguards, including documented training,” said Balow. However, he pointed that this defense will not work if a provider “cannot demonstrate a strict policy or training structure designed to prevent the ‘rogue’ conduct.”
In formulating a social media policy, Balow recommended that providers focus on what employees can do, including:
- Be transparent and authentic.
- Be responsible for what you write.
- Protect PHI and proprietary information.
- Use common sense and common courtesy.
- Think twice before you hit post!
However, he noted the most important aspect of a policy is that employees must be aware of it, and the ramifications of violations.
In their closing remarks, Melnick and Balow summed that while social media will undoubtedly become more of a part of most healthcare settings, providers will need to establish policies to protect themselves from liabilities.