NEWS & ANALYSIS

Unfriending Facebook: Social Media Pitfalls for Health Care Employers

In today’s digital workplace, few issues cause more confusion than social media. Numerous laws are relevant to social media, from Title VII to the Fair Credit Reporting Act to the National Labor Relations Act to state-specific laws barring requests for applicants’ personal passwords. In the health care industry, there are also patient privacy concerns. Here’s how employers in the health care industry can navigate the social media minefield.

Social media screening of applicants

When used properly, social media searches can provide a way for employers to acquire helpful information that they might not otherwise get through the normal hiring process. For example, an online search may bring to light inconsistencies in work history, or good things like hobbies and civic involvement. Information that allows you to make a better hiring decision is good, right?

Maybe, and maybe not. Googling applicants may reveal information you’d rather not know (and should not know), including age, medical conditions, religion, or other protected characteristics. (Think: “Happy 63rd birthday, Bob! Hope your lumbago isn’t flaring up today, because I want to dance with you and the Irish Band at the KC Hall tonight!”) Once you learn protected information, you can’t unlearn it. This issue is particularly relevant because the Equal Employment Opportunity Commission has said that eliminating systemic barriers in recruitment and hiring is one of its current priorities.

The right of employees under the National Labor Relations Act to engage in “protected concerted activity” – including through the use of social media — applies whether the employees have a union or not.

Further, practically speaking, the information you find online may not tell you what you think it’s telling you. A 2013 study by researchers at North Carolina State University found that companies may misunderstand the personality traits reflected in particular types of social media posts. For example, posting online about alcohol use did not correlate with an actual lack of conscientiousness.

Lawful social media policies for current employees

Once you’ve hired an applicant, your social media worries are over, right? Nope.

The National Labor Relations Board under President Obama vigorously defends the right of employees to discuss the terms and conditions of their employment online. Section 7 of the National Labor Relations Act allows non-supervisory employees to organize, and (among other things) “engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection.” In the NLRB’s view, online or social media discussions about the workplace will usually be “protected concerted activity.” Accordingly, the Board takes the position that “overly broad” or “ambiguous” social media policies unlawfully restrict employees’ rights, or at least have a “chilling effect” on the exercise of their rights. Section 7 rights apply whether the employees belong to a union or not. (Section 7 also applies to a wide range of “offline” activity.)

Less surprisingly, it also violates the NLRA for an employer to subject an employee to adverse action (for example, discipline, demotion, or termination) because the employee engaged in “protected concerted activity” by way of a social media posting. As an example, if a staff nurse posts on Facebook that the Charge Nurse is an ogre, and co-workers enthusiastically post their agreement, they are probably engaging in protected concerted activity because whether the Charge Nurse is an ogre is a “term and condition of employment” for the nurses who report to her. (The initial post may be “protected concerted activity” in itself, too, if the NLRB finds that the original nurse was “preparing for group action.”)

Remember that the medium – whether it be Facebook, Twitter, texting, talking, or Pony Express – doesn’t matter as much as the conduct itself and whether it’s creating a hostile work environment.

Fortunately for health care employers, the courts appear to be more tolerant than the NLRB of employers social media policies and restrictions, and some employers have been successful in using employees' own social media postings in defense of the company. Nonetheless, this is a rapidly evolving area of the law that health care employers should continue to monitor.

Even the NLRB recognizes that employers have to be able to address workplace issues such as bullying or harassment, protection of patient confidentiality (more on that in a minute), and protection of trade secrets and confidential and proprietary information. Under some circumstances, an employer will be in trouble if it does not take action against employees who engage in inappropriate online conduct. In recent years one company paid $2.3 million to settle a lawsuit brought by the EEOC alleging sexual harassment via text messages, among other things, and retaliation. In another case, a court upheld an award of more than $1 million to an employee with a disability who was harassed by co-workers on a blog. Remember: the medium – whether it be Facebook, Twitter, texting, talking or Pony Express – doesn’t matter nearly as much as the conduct itself and whether it’s creating a hostile work environment.

Patient (and staff) privacy concerns

Employees in the health care industry see and hear a lot, and sometimes they want to share, as did the physician who allegedly snapped a selfie with the late comedian Joan Rivers while she was unconscious in the clinic. That move, coupled with some alleged medical mistakes, led to a big malpractice lawsuit that just recently settled for an undisclosed amount. The media have publicized numerous instances where health care employees posted on Facebook about heavy patients, patients with “interesting” medical conditions, and patients whose foolish lifestyles or behavior resulted in a trip to the Emergency Room. Even if the patients are not named, the posts often include enough information to make the patients identifiable.

Employees of health care employers need to understand that posting about patients in any way that violates their privacy, including on social media, is strictly prohibited and will result in termination of employment whenever discovered. A termination for this reason will usually not violate the NLRA.

With cell phone recording, it’s no longer safe to assume that, because the patient is anesthetized, the staff is free to start venting.

There have also been one or two high-profile cases in which a patient recorded medical staff on a cell phone during a medical procedure. In a case from the Washington, D.C., area, a colonoscopy patient turned on his cell phone recorder to make sure he preserved his post-operative instructions. He accidentally left the recorder on, and the procedure began. What he got on the recording – while he was unconscious – was insulting remarks, and worse, from the anesthesiologist and others in the room. The patient had the last laugh, though – a jury awarded him $500,000 in his defamation lawsuit against the anesthesiologist, her practice, and the gastroenterology practice that was involved. More recently, a Texas woman undergoing hernia surgery deliberately hid a recorder in her hair weave and caught some snippy remarks about herself and her weight after she was unconscious and the staff thought they were free to talk. Although she did not sue – possibly because, even in a one-party-consent state, the recording may have been illegal – the embarrassing publicity that resulted could not have been good for the employer.

When conducting orientation and training, health care employers need to warn caregivers that in this day of smart phones, anything they say can and will be recorded. It is no longer safe to assume that, because a patient is anesthetized, the staff is free to start venting. To the extent that they need to vent about a patient – which is understandable, given the stressful atmosphere of an operating room – they need to save it for (1) after the procedure and (2) outside the presence of the patient.

Prevention and cure

Because every workplace – even in the health care industry – is different, take the time to create a comprehensive digital governance program. For example, does the majority of your workforce use a computer to perform their daily duties, or is the use of mobile devices while driving more of a concern? Do you have a marketing department that is authorized to use social media on your behalf? Is most of your workforce connected on Facebook, Twitter or Instagram, and has that resulted in any workplace problems? The process of evaluating the digital needs of your company should be a group effort to which your administrators, your legal counsel, and your IT team all contribute. A team approach is more likely to yield a practical solution – legally, technically and financially.

Create good plans and policies. Once you have made a guidance plan, create a social media policy that lawfully addresses your specific needs. In general, social media policies should give clear guidance and specific examples of acceptable and prohibited conduct. As a health care employer, be sure your policy adequately covers patient privacy. If you ask that employees maintain the confidentiality of your trade secrets, specify what you mean by that. Also, make it clear that employees have no expectation of privacy on company time or company equipment. According to the NLRB, a social media policy cannot contain a blanket prohibition on “disparaging comments” or “criticism about the company,” nor can it mandate “courtesy.” Although the courts may not ultimately agree with the NLRB’s position on all points, you probably would prefer not to be a test case. On the other hand, the policy can prohibit bullying or harassment, discrimination, and other forms of unlawful behavior as long as the prohibition is clearly spelled out.

The patient privacy issue is so important for health care employers that it should be addressed in new-employee orientation and periodically in employee training.

Conduct training. Perfect policies cannot save your company from unlawful conduct that occurs when your employees either don’t know the policy exists or don’t understand what it means. The patient privacy issue is so important for health care employers that it should be addressed in new-employee orientation and periodically in employee training. It’s also good to make sure that employees understand that social media harassment can be just as serious as the old-fashioned, “analog” kind.

Create and maintain a paper (or electronic) trail. Especially when it comes to defending a legal action, any and all related documents are critical evidence. One of the best ways to establish your innocence when it comes to applicant screenings or internal investigations of “electronic” harassment is to provide a contemporaneous record of exactly what actions you took and why.

Take complaints of online harassment or bullying, or of breaches of privacy, seriously. Although you have no obligation to affirmatively monitor all activities of your employees after hours and outside of work, you can and should prohibit illegal conduct online that breaches patient privacy or creates a hostile work environment for your employees. Even the NLRB has approved policy language prohibiting “discriminatory remarks, harassment, and threats of violence or similar inappropriate or unlawful conduct.”

As always, be consistent! For example, Googling only one of nine applicants – the one who looks like she might be pregnant — is a bad idea.

Beware. The Internet is forever. Individuals skilled in computer forensics can recover just about anything. Therefore, don’t do anything online that you wouldn’t do in person or on paper.

While social media is just one of the challenges faced by health care employers in the digital era, it is one that can be overcome by good strategy and consistent execution.

PULSE 

Click here to view graph.

A BAND-AID AND A KISS