Ben Fenton was quoted in Kibkabe Araya’s Los Angeles and San Francisco Daily Journal article “Health Care Industry Struggles With Employees’ Social Media Use.” The full article can be found below.
Tuesday, June 2, 2015
Health care industry struggles with employees’ social media use
By Kibkabe Araya
In 2010, Tri-City Medical Center in Oceanside fired five nurses for discussing shift changes on Facebook, even after it found no mention of patient information. The nurses fired back with an appeal. That same year, St. Mary Medical Center in Long Beach terminated four employees and disciplined another three for posting photos of a dying patient on Facebook. A year later, Providence Holy Cross Medical Center in Mission Hills investigated an employee for ridiculing a female patient’s condition on Facebook with a photo of her name and admission date.
California health care entities saw their share of inappropriate social media incidents in recent years, as social media violations continue to be a problem under HIPAA, or the Health Insurance Portability and Accountability Act.
But health care compliance attorneys are combating an interesting side effect of those violations: They say they are trying to dodge wrongful termination litigation against employers after a worker who misused social media is fired.
HIPAA doesn’t address social media specifically but has strong rules against releasing protected health information, or PHI, to the public. Research firm Grant Thornton LLP found 67 percent of employers do not have a social media policy in
2013, and health care IT assessor Redspin Inc. recently found PHI breaches increased by 25 percent since 2013. Without the mention of the prevalent form of communication, hospitals and health care facilities must move cautiously when creating their own social media policies to not infringe on employees’ rights.
“People forget taking a picture that identifies a patient because they’re recognizable and that they’re in the hospital is public health information,” said Alan L. Friel of Baker & Hostetler LLP. “That’s where we see the common mistakes in social media.”
Last month, a National Labor Relations Board judge ruled the firing of a Montana ophthalmic assistant was unwarranted under HIPAA after she accessed employee contact information for a union. The judge wrote the assistant was “only acting in line with instructions and practices the Respondent had promulgated and established.” The employee can collect lost wages and is entitled to get her job back. Rocky Mountain Eye Center P.C. v. International Union of Operating Engineers Local 400, 19-CA-134567 (NLRB May 6, 2015).
It was the most recent of several cases involving social media policies, with the NLRB taking a position against employers for not having detailed protocols in place and restricting free speech.
“Different providers struggle with where to draw the line,” said Hope R. Levy-Biehl of Hooper, Lundy & Bookman PC. “I have seen workforce members [who] can’t use social media during work hours. I have seen covered entities say employees can’t discuss work happenings on social media. In terms of how far that goes and if it’s permissible, it’s a little fuzzier.”
Clarity in a company’s social media policy is key to evading a lawsuit, attorneys say, and training needs to be constantly updated and relayed to employees.
“We help our clients update manuals and update training programs to decrease the likelihood of social media breaches,” said Benjamin J. Fenton of Fenton Jurkowitz Law Group LLP. “It includes more recent potential avenues where people share information, basically making sure it includes all forms of social media.”
If the health care employer believes a HIPAA breach occurred, Fenton said it needs to conduct an internal investigation before taking any action against an employee.
Every HIPAA breach needs to be reported to the California Department of Public Health and U.S. Department of Health and Human Services Office for Civil Rights if it affected
500 or more people. Because a HIPAA violation can incur fines, it’s up to the employer on how to discipline an employee.
But the employer must ensure its social media policy goes into detail on what could lead to termination if it decides to fire an employee for allegedly violating HIPAA through social media. Depending on the company, Friel said it should even extend to employees talking positively about their company or products on a social media outlet, since that could be a Federal Trade Commission violation.
“It’s a pretty clear cut violation of HIPAA and of terms of employment,” Friel said. “Like with any privacy matter, they need constant training. If someone has social media, don’t bring it to the workplace in a way that it infringes on patient privacy rights.”
On the other side, the California Nurses Association, which represented the fired Oceanside nurses five years ago, continues to see social media complaints. Donald W. Nielsen, attorney and director of government relations at CNA, said nurses have the constitutional right to exercise free speech collectively.
“We support patient privacy and so forth. We encourage everyone to be respectful of those rights,” Nielsen said. “At the same time,” he said, if nurses use social media “without violating HIPAA, without identifying a patient or an individual or divulging PHI, then there should be no issue.”