Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
CONFIDENTIALITY IN
THE AGE OF SOCIAL
MEDIA
Aamir Hasan
1
Overview
■ Social media can be useful to
providers: What is it? How is it
being used?
■ Providers have legal obligations.
■ Providers should be proactive
with maintaining control over
content and establishing
institutional policies on
appropriate use.
2
What is Social Networking?
■ Broad range of Internet activities
– Texting
– Chat rooms
– Emails
– Blogging
– Videos
■ Easily accessible
– Work computers
– Home computers
– Mobile smartphones and other devices
■ Inherent risks
– Immediacy
– Global reach
– Searchable
– “Email is Forever”
– Expectation of a dialogue
3
Online Social Networking
Exploding
■ Facebook
– >400 million users worldwide
– 2009 revenue: >$550 million
– 8 billion minutes spent on Facebook each day
– Increasing corporate marketing use
■ Twitter
– “Tweets” – max. of 140 characters
– Celebrity usage – Lance Armstrong, Brittany Spears
– Corporate use growing exponentially
– Over 55 million users / month and growing
– Largest user demographic: 35-49
4
Online Social Networking
Exploding
■ LinkedIn
– Facebook for professionals
– Over 50 million registered users
■ MySpace
– Similar to Facebook
– Less than half the users at over 100 million
■ YouTube
– Online videos
■ Blogs
– The original social networking tool
5
What’s in it for Health Care
Providers?
■ April 2010: Hospitals have established:
– 250 YouTube channels
– 300 Facebook pages
– 400 Twitter accounts
6
Legal Obligations:
Confidentiality
■ Providers are ‘covered entities’ under
HIPAA & state law
7
Legal Obligations: Practice of
Medicine
■ Interactions with patients
– Malpractice risk
– Disclaimers (character limits with some media)
– Licensure issues
– Privacy
– Boundary issues
8
Legal Obligations:
Disclaimers
■ Given informal nature of social media,
providers can remind online visitors that
posts are public:
– “This is a public site. Please do not post
personal information about yourself or
others, including medical information.”
■ Note: outside scope of this presentation,
but with institution-hosted media (e.g.,
blogs), a more complete terms &
conditions notice may be appropriate.
9
Administrative Controls
■ Wide range of administrative controls
available to providers that establish
social media presence
■ Facebook:
– Content posting restricted to page
administrators only (public cannot post
content)
– Closed group – persons must formally request
to “join” group before having posting access
10
Employee (Mis-)Use of Social
Networks
■ For personal purposes, at work
■ For personal purposes, impacting your business
– Bad-mouthing the company
– Trade secrets theft
– Harassment
11
Why Health Care Providers
Should Care
■ 61% of employees say that even if employers are
monitoring their social networking activities, they won’t
alter behavior
12
Why Health Care Providers
Should Care
■ Only 17% of companies have programs in place to
monitor and mitigate reputational risks
13
Employer Injury
■ Injury to corporate reputation
– Employee "venting" transmitted instantly to ever-
growing audience
14
Employer Liability
■ Electronic discovery issues
– A new kind of “electronically stored information” (ESI)
– Social media data is typically not stored on employer’s
network or system
■ National Labor Relations Act issues
– Can be “protected, concerted activity”
– Blogging about unfair employer policies
– Applies to all employees, not just unionized workers
15
What Should Employers
■ Develop a policy now – don’t wait for the crisis
Do?
■ Convene working group to draft:
– HR
– Legal
– IT
– Marketing
– PR/Corporate Communications
– Employee users
16
Social Media Policy
Considerations
■ What is your culture?
– Separate or integrated policy?
– Allow or block access to social media websites?
– Distinguish between professional use and personal use?
– Extent to which provider equipment and networks can
be used for social media?
■ What are your needs?
– Use of social networking to generate business?
– Use of social networking in hiring / firing process?
17
Social Media Policy
Considerations
■ Duty to bargain with unions regarding policy?
■ Cross-reference in other policies?
– Anti-harassment and nondiscrimination
– HIPAA/GINA confidentiality
– Codes of ethics
■ Legal review of proposed employee terminations
for social networking activity
18
Social Media Policy
■ Providers should:
– Adopt a Social Media Policy for
employees and staff
– Educate staff about the contents of
the Policy
– Enforce policy through imposing
consequences for violations
19
Social Media Policy:
Adopt
■ Policy should:
– Set rules for what information staff can post
and say online
– Remind and educate staff about obligations –
patient privacy, protecting proprietary
institutional information
– Clarify appropriate relationships between
staff, patients and the public
20
Social Media Policy: Educate &
Enforce
■ Educate:
– Any policy is only as good as the
institutional awareness of it
– Know the policy; educate staff at hire and
push periodic updates
■ Enforce:
– Follow through with penalties for
violations
21
Social Media Policy: Provisions &
Examples
■ Policy statement: “Employees can
use social media for business-
related purposes subject to
restrictions in this Policy to ensure
compliance with legal requirements
and institutional policies.”
22
Social Media Policy: Provisions &
Examples
■ Rules for use:
– Maintain patient privacy
– Respect patients and other staff – no libelous
or defamatory speech
– Safeguard proprietary institutional information
– Comply with copyright, trademark and other
law
– Do not communicate on “behalf” of institution
– No patient-specific medical advice
23
Questions?
24