Use contract, specific policy to protect privacy
Use contract, specific policy to protect privacy
The best way to deal with the issue of hospital employees snooping in patient records and spreading private information may be with a contract and a specific policy about blogging or social networking, suggest two experts.
Jacqueline D. Lipton, PhD, professor of law at Case Western Reserve University in Cleveland, is an expert in cyberlaw, and she says the current privacy tort laws and their potential penalties are not likely to be of much help in discouraging such improper behavior. They generally require the public exposure of private information, and it is questionable whether (or to what extent) photographs taken in hospitals would amount to private information for the purposes of privacy tort law, she says.
"Social networking sites such as Facebook and MySpace do have privacy policies, but they are not very well policed or enforced, and they often don't do much to protect the rights of the subjects of photographs, as opposed to the people who took the photographs," Lipton says. "Hospitals would probably be wise to include contract terms prohibiting their employees from engaging in this kind of behavior."
The Wisconsin hospital that fired the employees accused of photographing the X-ray apparently responded appropriately by drawing on its own contract requirements, she says. Risk managers must make sure they have such a contract in place that can be used when employees commit such egregious acts of misconduct that still might be legal or might be difficult to prove in court.
A specific policy about blogging and social networking also may be necessary, says Gregory Keating, JD, an attorney with the Littler law firm in Boston. The more general policies on patient confidentiality already may cover those activities, but a specific policy for online issues can bring added attention and emphasize how violations can occur.
"It doesn't have to be inordinately long or complicated, but it rings certain very important bells to make it clear to employees that you have expectations about their online activity," he says. "You can't come across as too 'Big Brother' and dictate what they do and don't do on their off time, but it is appropriate to set some guidelines."
Keating says the policy should include rules such as these:
No blogging or social networking using the health system's electronic resources. That means no hospital computers, Blackberries, or other devices can be used.
The blogging or social networking is subject to all relevant policies from the employee handbook, such as those covering patient confidentiality and harassment.
No protected health information is to be posted online in any format.
No photographs or videos taken on hospital premises may be posted online even if patients are not thought to be identifiable.
Any posting regarding the hospital should include a statement that the views are not endorsed by the hospital.
No hospital trademark, logo, or other graphic may be used online.
"Don't think that because some of this is, in your mind at least, already covered by existing policies in the handbook, you don't need a specific policy about online posting," Keating says. "The point is to remove any excuse about interpreting the broader policy and to bring special emphasis to this current risk."
Sources
For more information on cyberlaw and privacy issues, contact:
Gregory Keating, JD, Littler, Boston. Telephone: (617) 378-6000. E-mail: [email protected].
Jacqueline D. Lipton, PhD, Professor of Law, Case Western Reserve University, Cleveland. Telephone: (216) 368-3303. E-mail: [email protected].
The best way to deal with the issue of hospital employees snooping in patient records and spreading private information may be with a contract and a specific policy about blogging or social networking, suggest two experts.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.