Posted by: Wendy Schuchart
Compliance mgmt., data privacy, Facebook, SharePoint and Web 2.0, social media policies
I’m starting to feel like the girl who cried wolf about social media policies, but in at least one instance, the wolf has indeed attacked, in the form of a patient’s medical records being shared on a Facebook wall.
A medical health center employee allegedly posted a photo of a female patient’s medical record that included the patient’s name and date of admission. The employee of Providence Holy Cross Medical Center in Santa Clarita, Calif., also allegedly accompanied the photo with commentary on the patient’s sexual health concerns in his Facebook wall. When questioned about it, the employee is reported as defending his posting, indicating that the name was not identifiable and saying “It’s just Facebook. … Not reality.”
This is nothing new. Last year, a little over 100 miles down the 405 from Santa Clarita, five Oceanside, Calif., nurses were fired for discussing patient cases on Facebook. There have been numerous slips and ill-advised social media gaffes that have ended up in terminations, akin to reputation-fouling personal attacks.
Obviously, for Health Insurance Portability and Accountability Act-regulated industries, this is an absolute nightmare, but it should serve as a warning for all CIOs across verticals. It’s disturbing that this employee earnestly believes that information shared on social media doesn’t count somehow. It is absolutely within the rights of an employer to protect its own reputation, including taking action to cease the relationship with individuals who initiate public speech that is harmful to the organization. It all comes down to communication, though. When was the last time you updated your social media policies? What’s more, do you require that each and every employee reads and signs your social media policies on a scheduled basis?
Unfortunately, much of what the public understands about the U.S. Constitution comes from Hollywood — they mistakenly believe that they have guaranteed free speech as some kind of Teflon-coated protection from all things. I suspect that the misguided Facebook poster at Providence Holy Cross didn’t understand that it only means he won’t go to prison, but his continued employment is totally on the table. It’s not certain whether his employer has its social media policies locked and loaded, but I’d be willing to bet that it will after this incident.
Sadly, it won’t be in time to stop the patient’s privacy from being violated.