Twitter This:
Social Media & Hospitals
Jenna Mooney, Partner
Ingrid Brydolf, Partner
1
Overview
 Social media can be useful to
providers: What is it? How is it
being used?
 Providers have legal obligations.
 Providers should be proactive with
maintaining control over content and
establishing institutional policies on
appropriate use.
2
What is Social Networking?
 Broad range of Internet activities
 Texting
 Chat rooms
 Emails
 Blogging
 Videos
 Easily accessible
 Work computers
 Home computers
 Mobile smartphones and other devices
 Inherent risks
 Immediacy
 Global reach
 Searchable
 “Email is Forever”
 Expectation of a dialogue
3
Online Social Networking Exploding
 Facebook
 >400 million users worldwide
 2009 revenue: >$550 million
 8 billion minutes spent on Facebook each day
 Increasing corporate marketing use
 Twitter
 “Tweets” – max. of 140 characters
 Celebrity usage – Lance Armstrong, Brittany Spears
 Corporate use growing exponentially
 Over 55 million users / month and growing
 Largest user demographic: 35-49
4
Online Social Networking Exploding
 LinkedIn
 Facebook for professionals
 Over 50 million registered users
 MySpace
 Similar to Facebook
 Less than half the users at over 100 million
 YouTube
 Online videos
 Blogs
 The original social networking tool
 Non-provider hosted sites (external sites)
 Different legal obligations may arise when a provider hosts blogs and
other media on its own servers
5
What’s in it for Health Care Providers?
 April 2010: Hospitals have established:
 250 YouTube channels
 300 Facebook pages
 400 Twitter accounts
 Social Media is useful to Providers:
 Launch innovative advertising/marketing campaigns
 Provide patients & families with information
 Remain competitive with other providers that have
established social media presences.
 Use in hiring and firing staff?
 Possible discrimination claims?
6
Legal Obligations: Confidentiality
 Providers are ‘covered entities’ under HIPAA
& state law
 Affirmative legal obligation to safeguard
protected patient information
 Patient names, addresses, email addresses
 Creating social media content does not
implicate privacy laws as long as providers do
not post patient information without
authorization
7
Legal Obligations: Practice of
Medicine
 Interactions with patients
 Malpractice risk
 Disclaimers (character limits with some media)
 Licensure issues
 Privacy
 Boundary issues
8
Legal Obligations: Disclaimers
 Given informal nature of social media,
providers can remind online visitors that
posts are public:
 “This is a public site. Please do not post
personal information about yourself or others,
including medical information.”
 Note: outside scope of this presentation, but
with institution-hosted media (e.g., blogs), a
more complete terms & conditions notice
may be appropriate.
9
What’s in it for Health Care
Providers?
Can you say 11,000,000 hits?
10
11
12
13
14
15
16
17
18
19
Administrative Controls
 Wide range of administrative controls
available to providers that establish social
media presence
 Facebook:
 Content posting restricted to page administrators
only (public cannot post content)
 Closed group – persons must formally request to
“join” group before having posting access
20
21
22
Employee (Mis-)Use of Social
Networks


For personal purposes, at work
For personal purposes, impacting your business




Bad-mouthing the company
Trade secrets theft
Harassment
At work, for business purposes




Monitoring comments on hospital services
Answering consumer questions
Promoting services / education
Research
23
Why Health Care Providers Should
Care
 61% of employees say that even if employers
are monitoring their social networking activities,
they won’t alter behavior
 74% of employees believe it is easy to damage
a brand’s reputation via social networking sites
 53% of employees say “social networking pages
are none of an employer’s business.”
*Per Deloitte’s 2009 Ethics & Workplace Survey
24
Why Health Care Providers Should
Care
 Only 17% of companies have programs in place
to monitor and mitigate reputational risks
 Only 22% of employers have formal social
networking policies
*Per Deloitte’s 2009 Ethics & Workplace Survey
25
Employer Injury
 Injury to corporate reputation
 Employee "venting" transmitted instantly to ever-
growing audience
 Possible liability for employee postings
 Defamation
 Copyright infringement
 False advertising claims
 Discrimination/harassment
 Medical information (HIPAA/GINA)
26
Employer Liability
 Electronic discovery issues
 A new kind of “electronically stored information” (ESI)
 Social media data is typically not stored on employer’s network
or system
 National Labor Relations Act issues
 Can be “protected, concerted activity”
 Blogging about unfair employer policies
 Applies to all employees, not just unionized workers
27
What Should Employers Do?
 Develop a policy now – don’t wait for the crisis
 Convene working group to draft:






HR
Legal
IT
Marketing
PR/Corporate Communications
Employee users
28
Social Media Policy Considerations
 What is your culture?




Separate or integrated policy?
Allow or block access to social media websites?
Distinguish between professional use and personal use?
Extent to which provider equipment and networks can be
used for social media?
 What are your needs?
 Use of social networking to generate business?
 Use of social networking in hiring / firing process?
29
Social Media Policy Considerations
 Duty to bargain with unions regarding policy?
 Cross-reference in other policies?
 Anti-harassment and nondiscrimination
 HIPAA/GINA confidentiality
 Codes of ethics
 Legal review of proposed employee terminations for
social networking activity
30
Social Media Policy
 Providers should:
 Adopt a Social Media Policy for
employees and staff
 Educate staff about the contents of the
Policy
 Enforce policy through imposing
consequences for violations
31
Social Media Policy: Adopt
 Policy should:
 Set rules for what information staff can post and
say online
 Remind and educate staff about obligations –
patient privacy, protecting proprietary institutional
information
 Clarify appropriate relationships between staff,
patients and the public
32
Social Media Policy: Educate & Enforce
 Educate:
 Any policy is only as good as the
institutional awareness of it
 Know the policy; educate staff at hire and
push periodic updates
 Enforce:
 Follow through with penalties for violations
33
Social Media Policy: Provisions & Examples
 Policy statement: “Employees can use
social media for business-related
purposes subject to restrictions in this
Policy to ensure compliance with legal
requirements and institutional policies.”
 Scope of policy – separate provisions
for institution-hosted and externally
hosted sites.
34
Social Media Policy: Provisions & Examples
 Rules for use:
 Maintain patient privacy
 Respect patients and other staff – no libelous or




defamatory speech
Safeguard proprietary institutional information
Comply with copyright, trademark and other law
Do not communicate on “behalf” of institution
No patient-specific medical advice
35
Questions?
36