Team 13C
Central Columbia Hospital, Scenario D: Technology/Social Media/HIPAA
Introduction
Central Columbia Hospital’s (CCH) employee satisfaction rate was low, and as a result
they had a negative culture within the organization. An overflow of the negative culture led to an
online discussion involving several employees on a prominent social media site. During the
conversation, there were potential Health Insurance Portability and Accountability Act (HIPAA)
and Code of Conduct violations.
Problems
Minor
CCH is encountering a few minor problems that could eventually be costly to the company.
 Employee Unrest
The employees of CCH seem to be unsatisfied with their job. During the last cultural assessment
survey, there was a 0.7% increase of employee satisfaction, and there was also a 3.7% increase
of employees considering leaving in the past six months (Riccio, Scenario D, 2015). This seems
to be due to the stress put on the employees by upper management, specifically by Anita Green,
the current CEO of CCH.
 Lack of Respect for Green
There seems to be a distinct lack of respect from some key upper level managers towards the
CEO, Anita Green. Dr. George Stiller, who is a well-loved and respected doctor in the hospital,
expressed concern in hiring a CEO that was not from the hospital’s local area. The tension
between the two may very well be the cause of the lack of respect present amongst employees
and other board members towards Green.
Major
CCH faces two major problems that, if not dealt with correctly, will have a negative impact on
the future success of the company.
 Dealing with a potential HIPAA violation
The “general” HIPAA Rule is that a Covered Entity may not use or disclose Protected Health
Information (“PHI”), except as permitted or required by the Privacy Rules (Rorer, 2013, 4).
Through the conversation among employees, we believe that there was a reasonable basis to
believe the information can be used to identify the Individual. If not treated correctly, HIPAA
violations can cost companies anywhere from $100 to $50,000 per violation (Rorer, 2013, 8).
 Lack of Social Media Policy
Based on a Nucleus Research study, 77% of the workforce has a social media account and
almost 2/3 of those employees have access to social media at work. This means that companies
must have a social media policy in place which is worded in a way that does not prohibit
employees from exercising their right of open forum about their employment and working
conditions.
Alternatives
CCH has the opportunity to address their policies, or lack thereof, in the areas of social
media and HIPAA compliance. One such way that the hospital could utilize this opportunity is
by making meetings more accessible to all hospital staff, thus ensuring that unease is stated in a
secure environment instead of on a public forum.. Alternatively, a more recently trained HR
manager could be hired that would assist Frank Scott in managing the HR department. A cheaper
alternative for training would be to hire a costly third party consult. However, having the HR
department and legal counsel lead the training is the best solution. The hospital has a successful
track record when they work within the organization which creates a great option to foster this
family atmosphere.
Analysis
To prevent future violations, the Human Resources department, with support from the
organization, is going to create valuable training and development opportunities for its current
and future employees. While it is true that the hospital’s current Code of Conduct policy has
guidance about HIPAA violations, it neglects to mention employee conduct outside of work
(Riccio, Scenario D, 2015). Therefore the policy must clarify what is appropriate for employees
to say both inside and outside of the workplace.
The new social media policy should also aid the current Code of Conduct policy so that it
gives guidance to employees in their outside activities. In the new Social Media policy, there will
be a clause about prohibiting the use of any form of social media during regular work hours. We
suggest wording the new policy in a manner such as, “Refrain from using social media while on
work time or on work-provided equipment unless it is work related as authorized by your
manager” (SHRM, Employee use of social media, [PowerPoint Slide 12]). However, it is also
important to note that we will encourage employees to talk openly to other employees about their
employment and working conditions. This policy will be used to prevent employees harming the
reputation of employer and exposing trade secrets or patient confidential information in or
outside of work.
Conclusion
Overall, the hospital has many things to be proud of but also has many challenges going
forward. If done correctly, CCH has the opportunity to improve their next cultural assessment
survey. They also have an opportunity to come together by providing more training on HIPAA
laws and regulations. From the information provided, we feel that the employees’ actions do not
warrant discipline because sufficient training on HIPAA laws has not been provided to
employees, even though the Code of Conduct states, “We actively protect and safeguard
patients’ health information and respect patient privacy in all forms,” (Riccio, Scenario D,
2015). In this particular situation, the hospital should address the behavior of the employees that
participated in this conversation by using this as an opportunity to inform all employees about
HIPAA laws and compliance. We decided based on the current Code of Conduct, the situation
does require the formation of a social media policy. Creating new policies will allow CCH
employees to better understand the expectations from the senior management team while
creating a more transparent culture. In addition to these new policies, CCH can refocus their
efforts on expanding the employee discussion groups so all employees can benefit from the new
training.
References
National Library Relations Board. (n.d.). Interfering with employee rights (section
7&8(a)(1)). Retrieved from http://www.nlrb.gov/rights-we-protect/whats-law/employers
/interfering-employee-rights-section-7-8a1.
Riccio, S. (2015). Central Columbia Hospital, Scenario D: Technology/Social Media/HIPAA
Rorer, S. S. (2013). Social media compliance challenge: From HIPAA to the NLRA.
American Health Lawyers Association. Retrieved from https://www.healthlawyers.org
/Events/Programs/ Materials/Documents/HHS13/Z_rorer.pdf
SHRM. Employee use of social media. [PowerPoint Slides]. Retrieved from
http://www.shrm.org/templatestools/samples/powerpoints/pages/employeeuseofs
ocialmedia.aspx